RSS   Vulnerabilities for 'Badblue'   RSS

2008-04-28
 
CVE-2008-2003

CWE-264
 

 
BadBlue 2.72 Personal Edition stores multiple programs in the web document root with insufficient access control, which allows remote attackers to (1) cause a denial of service via multiple invocations of uninst.exe, and have an unknown impact via (2) badblue.exe and (3) dyndns.exe. NOTE: this can be leveraged for arbitrary remote code execution in conjunction with CVE-2007-6378.

 
2007-12-14
 
CVE-2007-6379

CWE-16
 

 
BadBlue 2.72b and earlier allows remote attackers to obtain sensitive information via an invalid browse parameter, which reveals the installation path in an error message.

 
 
CVE-2007-6378

CWE-22
 

 
Directory traversal vulnerability in upload.dll in BadBlue 2.72b and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the filename parameter.

 
 
CVE-2007-6377

CWE-119
 

 
Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string.

 


Copyright 2024, cxsecurity.com

 

Back to Top