CVE-2002-0325

Directory traversal vulnerability in BadBlue before 1.6.1 allows remote attackers to read arbitrary files via a ... (modified dot dot) in the URL.

CVE-2002-1023

BadBlue server allows remote attackers to cause a denial of service (crash) via an HTTP GET request without a URI.

CVE-2004-1727

BadBlue 2.5 allows remote attackers to cause a denial of service (refuse HTTP connections) via a large number of connections from the same IP address.

CVE-2002-2289

soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords.

CVE-2001-1140

BadBlue Personal Edition v1.02 beta allows remote attackers to read source code for executable programs by appending a %00 (null byte) to the request.

CVE-2002-1684

Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) BadBlue Enterprise Edition 1.5.x and BadBlue Personal Edition 1.5.6 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in the script used to read Microsoft Office documents.

CVE-2004-2374

BadBlue 2.4 allows remote attackers to obtain the location of the server installation path via a request for phptest.php, which includes the pathname in the source of the resulting HTML.

CVE-2002-0800

BadBlue 1.7.0 allows remote attackers to list the contents of directories via a URL with an encoded '%' character at the end.

CVE-2002-1021

BadBlue server allows remote attackers to read restricted files, such as EXT.INI, via an HTTP request that contains a hex-encoded null byte.