22 matches found
EUVD-2001-0276
Malware in sbrugna...
EUVD-2001-0277
Malware in sbrugna...
EUVD-2002-1666
Malware in sbrugna...
Working Resources BadBlue 1.7.1 Search Page Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6253/info The ext.dll ISAPI does not sufficiently sanitize user-supplied input when processing search queries. This may allow an attacker to create a custom URL containing script code that, when viewed in a browser by a...
Working Resources 1.7.x/2.15 BadBlue Ext.DLL Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7387/info BadBlue is prone to a vulnerability that could allow remote attackers to gain unauthorized access. This is due to an input validation issue in the 'ext.dll' component that could allow a remote attacker to cause...
BadBlue 2.72b PassThru Buffer Overflow
No description provided by source. $Id: badbluepassthru.rb 9744 2010-07-08 23:34:50Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
BadBlue 2.72b PassThru Buffer Overflow
This module exploits a stack buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HEAD', :pattern = /BadBlue//...
CVE-2007-6377
Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string...
CVE-2007-6377
This CVE describes a stack-based buffer overflow in the PassThru functionality of ext.dll in BadBlue 2.72b and earlier. The root cause is a overflow triggered by a long query string, allowing remote attackers to execute arbitrary code. Public exploit references exist (e.g., Metasploit module BadB...
CVE-2002-1685
CVE-2002-1685 : BadBlue Enterprise Edition and Personal Edition versions 1.7 and 1.7.2 are affected by a cross-site scripting (XSS) vulnerability in the ext.dll ISAPI. The flaw enables an attacker to execute arbitrary script in the context of other users by injecting script via the ext.dll ISAPI ...
CVE-2005-0595
Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers to execute arbitrary code via a long mfcisapicommand parameter...
CVE-2005-0595
CVE-2005-0595 is a public buffer-overflow vulnerability in BadBlue 2.55/2.5 where ext.dll overflows via a long mfcisapicommand parameter, enabling remote code execution. Public disclosures include SPL/Metasploit-era exploits (BadBlue 2.5 EXT.dll Buffer Overflow) and OSVDB/BID/CVE references; CIRC...
Badblue Web server ext.dll buffer overflow
Buffer overflow on oversized ext.dll mfcisapicommand parameter...
Working Resources 1.7.x/2.15 BadBlue - 'ext.dll' Command Execution
source: https://www.securityfocus.com/bid/7387/info BadBlue is prone to a vulnerability that could allow remote attackers to gain unauthorized access. This is due to an input validation issue in the 'ext.dll' component that could allow a remote attacker to cause '.hts' files to be interpreted by...
CVE-2002-1685
Cross-site scripting vulnerability XSS in BadBlue Enterprise Edition and Personal Edition 1.7 and 1.7.2 allows remote attackers to execute arbitrary script as other users by injecting script into ext.dll ISAPI...
Technical Details of BadBlue EXT.DLL Vulnerability
Several days ago, I reported a vulnerability in the EXT.DLL ISAPI of BadBlue. BadBlue 1.7.3 has now been released by the vendor Working Resources at http://www.badblue.com/down.htm for administrators to upgrade their systems. The vulnerability exists in how EXT.DLL sanitizes input for HTX/HTS...
CVE-2001-0276
ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote attackers to determine the physical path of the server by directly calling ext.dll without any arguments, which produces an error message that contains the path...
CVE-2001-0276
The vulnerability CVE-2001-0276 affects BadBlue Personal Edition (1.02.07) where ext.dll can be invoked directly without arguments, causing an error message that reveals the server’s physical path. This is a path disclosure issue in the web server software. The available connected documents confi...
CVE-2001-0276
ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote attackers to determine the physical path of the server by directly calling ext.dll without any arguments, which produces an error message that contains the path...
CVE-2001-0277
Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP GET request...