VYPR

Badblue

by Working Resources Inc.

CVEs (24)

  • CVE-2002-1022Oct 4, 2002
    risk 0.00cvss epss 0.03

    BadBlue server stores passwords in plaintext in the ext.ini file, which could allow local and possibly remote attackers to gain privileges.

  • CVE-2002-0800Aug 12, 2002
    risk 0.00cvss epss 0.02

    BadBlue 1.7.0 allows remote attackers to list the contents of directories via a URL with an encoded '%' character at the end.

  • CVE-2002-0326Jun 25, 2002
    risk 0.00cvss epss 0.02

    Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows remote attackers to execute arbitrary script and possibly additional commands via a URL that contains Javascript.

  • CVE-2001-1140Aug 22, 2001
    risk 0.00cvss epss 0.02

    BadBlue Personal Edition v1.02 beta allows remote attackers to read source code for executable programs by appending a %00 (null byte) to the request.

Page 2 of 2