Product
Working Resources Inc. BadBlue
24 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2008-2003
CVE-2007-6379
CVE-2007-6378
CVE-2007-6377
CVE-2005-0595
CVE-2004-2374
CVE-2004-1727
CVE-2003-0332
CVE-2002-1541
CVE-2002-2289
CVE-2002-2170
CVE-2002-1973
CVE-2002-1685
CVE-2002-1684
CVE-2002-1683
CVE-2002-1023
CVE-2002-1022
CVE-2002-1021
CVE-2002-0800
CVE-2002-0326
CVE-2002-0325
CVE-2001-1140
CVE-2001-0277
CVE-2001-0276
all versions
BadBlue 2.72 Personal Edition stores multiple programs in the web document root with insufficient access control, which allows rem
<= 2.72b
BadBlue 2.72b and earlier allows remote attackers to obtain sensitive information via an invalid browse parameter, which reveals t
<= 2.72b
Directory traversal vulnerability in upload.dll in BadBlue 2.72b and earlier allows remote attackers to create or overwrite arbitr
<= 2.72b
Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execu
all versions
Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers to execute arbitrary code via a long mfcisapicommand parameter.
all versions
BadBlue 2.4 allows remote attackers to obtain the location of the server installation path via a request for phptest.php, which in
all versions
BadBlue 2.5 allows remote attackers to cause a denial of service (refuse HTTP connections) via a large number of connections from
<= 2.2
The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extens
all versions
BadBlue 1.7 allows remote attackers to bypass password protections for directories and files via an HTTP request containing an ext
all versions
soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC
all versions
Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 attempts to restrict administrator actions to the IP address of
all versions
Buffer overflow in CHttpServer::OnParseError in the ISAPI extension (Isapi.cpp) when built using Microsoft Foundation Class (MFC)
all versions
Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition and Personal Edition 1.7 and 1.7.2 allows remote attackers
all versions
Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) BadBlue Enterprise Edition 1.5.x and BadBlue Personal Editio
all versions
Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition 1.7.3 allows remote attackers to execute arbitrary script as
all versions
BadBlue server allows remote attackers to cause a denial of service (crash) via an HTTP GET request without a URI.
all versions
BadBlue server stores passwords in plaintext in the ext.ini file, which could allow local and possibly remote attackers to gain pr
all versions
BadBlue server allows remote attackers to read restricted files, such as EXT.INI, via an HTTP request that contains a hex-encoded
all versions
BadBlue 1.7.0 allows remote attackers to list the contents of directories via a URL with an encoded '%' character at the end.
all versions
Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows remote attackers to execute arbitrary script and possibly a
all versions
Directory traversal vulnerability in BadBlue before 1.6.1 allows remote attackers to read arbitrary files via a ... (modified dot
all versions
BadBlue Personal Edition v1.02 beta allows remote attackers to read source code for executable programs by appending a %00 (null b
all versions
Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows remote attackers to cause a denial of service and possibly e
all versions
ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote attackers to determine the physical path of the server by dir