bfcommand & control server 1.22/2.0/2.14 manager Multiple Vulnerabilities
2005-08-29T00:00:00
ID EDB-ID:26210 Type exploitdb Reporter Luigi Auriemma Modified 2005-08-29T00:00:00
Description
BFCommand & Control Server 1.22/2.0/2.14 Manager Multiple Remote Vulnerabilities. CVE-2005-2791 . Remote exploits for multiple platform
source: http://www.securityfocus.com/bid/14690/info
BFCC and BFVCC server managers are vulnerable to multiple remote vulnerabilities.
The first two issues are login bypass vulnerabilities. These issues allow remote, anonymous attackers to gain access to the affected server process.
The third issue is a design error whereby the server application implements access controls, privileges, and other commands in the client-side of the connection. This allows remote attackers to gain full administrative access to the affected application.
The fourth issue is a remote denial of service vulnerability. This issue is due to a failure of the application to properly handle multiple connections.
These vulnerabilities allow remote attackers to gain administrative access in the affected server application, and to deny further access to the application.
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/26210.zip
{"id": "EDB-ID:26210", "type": "exploitdb", "bulletinFamily": "exploit", "title": "bfcommand & control server 1.22/2.0/2.14 manager Multiple Vulnerabilities", "description": "BFCommand & Control Server 1.22/2.0/2.14 Manager Multiple Remote Vulnerabilities. CVE-2005-2791 . Remote exploits for multiple platform", "published": "2005-08-29T00:00:00", "modified": "2005-08-29T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/26210/", "reporter": "Luigi Auriemma", "references": [], "cvelist": ["CVE-2005-2791"], "lastseen": "2016-02-03T03:05:26", "viewCount": 2, "enchantments": {"score": {"value": 7.3, "vector": "NONE", "modified": "2016-02-03T03:05:26", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-2791"]}, {"type": "osvdb", "idList": ["OSVDB:19075"]}], "modified": "2016-02-03T03:05:26", "rev": 2}, "vulnersScore": 7.3}, "sourceHref": "https://www.exploit-db.com/download/26210/", "sourceData": "source: http://www.securityfocus.com/bid/14690/info\r\n\r\nBFCC and BFVCC server managers are vulnerable to multiple remote vulnerabilities.\r\n\r\nThe first two issues are login bypass vulnerabilities. These issues allow remote, anonymous attackers to gain access to the affected server process.\r\n\r\nThe third issue is a design error whereby the server application implements access controls, privileges, and other commands in the client-side of the connection. This allows remote attackers to gain full administrative access to the affected application.\r\n\r\nThe fourth issue is a remote denial of service vulnerability. This issue is due to a failure of the application to properly handle multiple connections.\r\n\r\nThese vulnerabilities allow remote attackers to gain administrative access in the affected server application, and to deny further access to the application. \r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/26210.zip", "osvdbidlist": ["19075"]}
{"cve": [{"lastseen": "2020-12-09T19:22:21", "description": "BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, allows remote attackers to cause a denial of service (refused new connections) via a series of connections and disconnections without sending the login command.", "edition": 5, "cvss3": {}, "published": "2005-09-02T23:03:00", "title": "CVE-2005-2791", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2791"], "modified": "2017-07-11T01:32:00", "cpe": ["cpe:/a:bfcommand_and_control_software:bfvcc:2.00_a", "cpe:/a:bfcommand_and_control_software:bfcc:1.22_a", "cpe:/a:bfcommand_and_control_software:bfvcc:2.14_b"], "id": "CVE-2005-2791", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2791", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:bfcommand_and_control_software:bfvcc:2.14_b:*:*:*:*:*:*:*", "cpe:2.3:a:bfcommand_and_control_software:bfvcc:2.00_a:*:*:*:*:*:*:*", "cpe:2.3:a:bfcommand_and_control_software:bfcc:1.22_a:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:15", "bulletinFamily": "software", "cvelist": ["CVE-2005-2791"], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.bfcommandcontrol.org\n[Secunia Advisory ID:16629](https://secuniaresearch.flexerasoftware.com/advisories/16629/)\n[Related OSVDB ID: 19073](https://vulners.com/osvdb/OSVDB:19073)\n[Related OSVDB ID: 19074](https://vulners.com/osvdb/OSVDB:19074)\nOther Advisory URL: http://aluigi.altervista.org/adv/bfccown-adv.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0397.html\nISS X-Force ID: 22060\n[CVE-2005-2791](https://vulners.com/cve/CVE-2005-2791)\nBugtraq ID: 14690\n", "modified": "2005-08-29T10:05:00", "published": "2005-08-29T10:05:00", "href": "https://vulners.com/osvdb/OSVDB:19075", "id": "OSVDB:19075", "title": "BFCommand & Control Server Connection Saturation DoS", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}
