VYPR

Boa

by Boa

CVEs (10)

  • CVE-2017-9833 · High · Jun 24, 2017
    risk 0.57 · cvss 7.5 · epss 0.68

    /cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue (e.g., a vulnerability on one type of camera) because…

  • CVE-2016-9564 · High · Nov 30, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters.

  • CVE-2024-43367 · High · Aug 15, 2024
    risk 0.42 · cvss 7.5 · epss 0.01

    Boa is an embeddable and experimental JavaScript engine written in Rust. Starting in version 0.16 and prior to version 0.19.0, a wrong assumption made when handling ECMAScript's `AsyncGenerator` operations can cause an uncaught exception on certain scripts. Boa's implementation…

  • CVE-2021-33558 · May 27, 2021
    risk 0.07 · cvss n/a · epss 0.10

    Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE: multiple third parties report that this is a site-specific issue because those…

  • CVE-2009-4496 · Jan 13, 2010
    risk 0.04 · cvss n/a · epss 0.12

    Boa 0.94.14rc21 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal…

  • CVE-2021-31576 · Feb 6, 2023
    risk 0.00 · cvss n/a · epss 0.01

    In Boa, there is a possible information disclosure due to a missing permission check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008;…

  • CVE-2021-31578 · Feb 6, 2023
    risk 0.00 · cvss n/a · epss 0.01

    In Boa, there is a possible escalation of privilege due to a stack buffer overflow. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008;…

  • CVE-2022-44117 · Nov 23, 2022
    risk 0.00 · cvss n/a · epss 0.01

    Boa 0.94.14rc21 is vulnerable to SQL Injection via username. NOTE: this is disputed by multiple third parties because Boa does not ship with any support for SQL.

  • CVE-2018-21028 · Oct 11, 2019
    risk 0.00 · cvss n/a · epss 0.02

    Boa through 0.94.14rc21 allows remote attackers to trigger a memory leak because of missing calls to the free function.

  • CVE-2018-21027 · Oct 11, 2019
    risk 0.00 · cvss n/a · epss 0.02

    Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-memory (OOM) condition because malloc is mishandled.