Working Resources Inc. Badblue — known CVE vulnerabilities
Every CVE whose affected-product data names Working Resources Inc. Badblue, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2001-0277 — CVSS 10.0 (critical): Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows remote attackers to cause a denial of service and possibly execute…
CVE-2003-0332 — CVSS 7.6 (high): The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after…
CVE-2002-0326 — CVSS 7.5 (high): Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows remote attackers to execute arbitrary script and possibly additional…
CVE-2002-2170 — CVSS 7.5 (high): Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 attempts to restrict administrator actions to the IP address of the…
CVE-2002-1973 — CVSS 7.5 (high): Buffer overflow in CHttpServer::OnParseError in the ISAPI extension (Isapi.cpp) when built using Microsoft Foundation Class (MFC) static…
CVE-2002-1541 — CVSS 7.5 (high): BadBlue 1.7 allows remote attackers to bypass password protections for directories and files via an HTTP request containing an extra /…
CVE-2002-1022 — CVSS 7.5 (high): BadBlue server stores passwords in plaintext in the ext.ini file, which could allow local and possibly remote attackers to gain privileges.
CVE-2005-0595 — CVSS 7.5 (high): Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers to execute arbitrary code via a long mfcisapicommand parameter.
CVE-2001-0276 — CVSS 6.4 (medium): ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote attackers to determine the physical path of the server by directly…
CVE-2001-1140 — CVSS 5.0 (medium): BadBlue Personal Edition v1.02 beta allows remote attackers to read source code for executable programs by appending a %00 (null byte) to…
CVE-2004-2374 — CVSS 5.0 (medium): BadBlue 2.4 allows remote attackers to obtain the location of the server installation path via a request for phptest.php, which includes…
CVE-2002-1023 — CVSS 5.0 (medium): BadBlue server allows remote attackers to cause a denial of service (crash) via an HTTP GET request without a URI.
CVE-2002-1684 — CVSS 5.0 (medium): Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) BadBlue Enterprise Edition 1.5.x and BadBlue Personal Edition 1.5.6…
CVE-2002-1021 — CVSS 5.0 (medium): BadBlue server allows remote attackers to read restricted files, such as EXT.INI, via an HTTP request that contains a hex-encoded null byte.
CVE-2002-0800 — CVSS 5.0 (medium): BadBlue 1.7.0 allows remote attackers to list the contents of directories via a URL with an encoded '%' character at the end.
CVE-2002-2289 — CVSS 5.0 (medium): soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC…
CVE-2002-0325 — CVSS 5.0 (medium): Directory traversal vulnerability in BadBlue before 1.6.1 allows remote attackers to read arbitrary files via a ... (modified dot dot) in…
CVE-2004-1727 — CVSS 5.0 (medium): BadBlue 2.5 allows remote attackers to cause a denial of service (refuse HTTP connections) via a large number of connections from the same…
CVE-2002-1683 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition 1.7.3 allows remote attackers to execute arbitrary script as other…
CVE-2002-1685 — CVSS 4.3 (medium): Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition and Personal Edition 1.7 and 1.7.2 allows remote attackers to…