Badblue
CVEs (24)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-1022 | 0.00 | — | 0.03 | Oct 4, 2002 | BadBlue server stores passwords in plaintext in the ext.ini file, which could allow local and possibly remote attackers to gain privileges. | |||
| CVE-2002-0800 | 0.00 | — | 0.02 | Aug 12, 2002 | BadBlue 1.7.0 allows remote attackers to list the contents of directories via a URL with an encoded '%' character at the end. | |||
| CVE-2002-0326 | 0.00 | — | 0.02 | Jun 25, 2002 | Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows remote attackers to execute arbitrary script and possibly additional commands via a URL that contains Javascript. | |||
| CVE-2001-1140 | 0.00 | — | 0.02 | Aug 22, 2001 | BadBlue Personal Edition v1.02 beta allows remote attackers to read source code for executable programs by appending a %00 (null byte) to the request. |
- CVE-2002-1022Oct 4, 2002risk 0.00cvss —epss 0.03
BadBlue server stores passwords in plaintext in the ext.ini file, which could allow local and possibly remote attackers to gain privileges.
- CVE-2002-0800Aug 12, 2002risk 0.00cvss —epss 0.02
BadBlue 1.7.0 allows remote attackers to list the contents of directories via a URL with an encoded '%' character at the end.
- CVE-2002-0326Jun 25, 2002risk 0.00cvss —epss 0.02
Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows remote attackers to execute arbitrary script and possibly additional commands via a URL that contains Javascript.
- CVE-2001-1140Aug 22, 2001risk 0.00cvss —epss 0.02
BadBlue Personal Edition v1.02 beta allows remote attackers to read source code for executable programs by appending a %00 (null byte) to the request.
Page 2 of 2