RSS   Vulnerabilities for 'BOA'   RSS

2021-05-27
 
CVE-2021-33558

CWE-200
 

 
Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js.

 
2017-06-23
 
CVE-2017-9833

CWE-22
 

 
/cgi-bin/wapopen in BOA Webserver 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges.

 
2016-11-30
 
CVE-2016-9564

 

 
Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters.

 
2010-01-13
 
CVE-2009-4496

CWE-20
 

 
Boa 0.94.14rc21 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

 

 >>> Vendor: BOA 2 Products
Boa webserver
BOA


Copyright 2024, cxsecurity.com

 

Back to Top