Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities by badblue
CVE-2008-2003 (GCVE-0-2008-2003)
Vulnerability from cvelistv5 – Published: 2008-04-28 18:21 – Updated: 2024-08-07 08:41
VLAI
Summary
BadBlue 2.72 Personal Edition stores multiple programs in the web document root with insufficient access control, which allows remote attackers to (1) cause a denial of service via multiple invocations of uninst.exe, and have an unknown impact via (2) badblue.exe and (3) dyndns.exe. NOTE: this can be leveraged for arbitrary remote code execution in conjunction with CVE-2007-6378.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/3832 | third-party-advisoryx_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/491282/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2008-04-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:41:00.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3832",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3832"
},
{
"name": "badblue-multiple-weak-security(42090)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42090"
},
{
"name": "20080424 DDIVRT-2008-11 BadBlue uninst.exe DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/491282/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BadBlue 2.72 Personal Edition stores multiple programs in the web document root with insufficient access control, which allows remote attackers to (1) cause a denial of service via multiple invocations of uninst.exe, and have an unknown impact via (2) badblue.exe and (3) dyndns.exe. NOTE: this can be leveraged for arbitrary remote code execution in conjunction with CVE-2007-6378."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3832",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3832"
},
{
"name": "badblue-multiple-weak-security(42090)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42090"
},
{
"name": "20080424 DDIVRT-2008-11 BadBlue uninst.exe DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/491282/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BadBlue 2.72 Personal Edition stores multiple programs in the web document root with insufficient access control, which allows remote attackers to (1) cause a denial of service via multiple invocations of uninst.exe, and have an unknown impact via (2) badblue.exe and (3) dyndns.exe. NOTE: this can be leveraged for arbitrary remote code execution in conjunction with CVE-2007-6378."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3832",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3832"
},
{
"name": "badblue-multiple-weak-security(42090)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42090"
},
{
"name": "20080424 DDIVRT-2008-11 BadBlue uninst.exe DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491282/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2003",
"datePublished": "2008-04-28T18:21:00.000Z",
"dateReserved": "2008-04-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:41:00.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6377 (GCVE-0-2007-6377)
Vulnerability from cvelistv5 – Published: 2007-12-15 01:00 – Updated: 2024-08-07 16:02
VLAI
Summary
Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://aluigi.altervista.org/poc/badbluebof.txt | x_refsource_MISC |
| http://securityreason.com/securityalert/3448 | third-party-advisoryx_refsource_SREASON |
| http://secunia.com/advisories/28031 | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/42416 | vdb-entryx_refsource_OSVDB |
| https://www.exploit-db.com/exploits/4784 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/26803 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/484834/100… | mailing-listx_refsource_BUGTRAQ |
| http://aluigi.altervista.org/adv/badblue-adv.txt | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2007/4160 | vdb-entryx_refsource_VUPEN |
Date Public
2007-12-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:36.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/poc/badbluebof.txt"
},
{
"name": "3448",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3448"
},
{
"name": "28031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28031"
},
{
"name": "42416",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42416"
},
{
"name": "4784",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4784"
},
{
"name": "26803",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26803"
},
{
"name": "20071210 Multiple vulnerabilities in BadBlue 2.72b",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/484834/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/badblue-adv.txt"
},
{
"name": "ADV-2007-4160",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4160"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/poc/badbluebof.txt"
},
{
"name": "3448",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3448"
},
{
"name": "28031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28031"
},
{
"name": "42416",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42416"
},
{
"name": "4784",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4784"
},
{
"name": "26803",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26803"
},
{
"name": "20071210 Multiple vulnerabilities in BadBlue 2.72b",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/484834/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/badblue-adv.txt"
},
{
"name": "ADV-2007-4160",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4160"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/poc/badbluebof.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/poc/badbluebof.txt"
},
{
"name": "3448",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3448"
},
{
"name": "28031",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28031"
},
{
"name": "42416",
"refsource": "OSVDB",
"url": "http://osvdb.org/42416"
},
{
"name": "4784",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4784"
},
{
"name": "26803",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26803"
},
{
"name": "20071210 Multiple vulnerabilities in BadBlue 2.72b",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484834/100/0/threaded"
},
{
"name": "http://aluigi.altervista.org/adv/badblue-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/badblue-adv.txt"
},
{
"name": "ADV-2007-4160",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4160"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6377",
"datePublished": "2007-12-15T01:00:00.000Z",
"dateReserved": "2007-12-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:02:36.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6379 (GCVE-0-2007-6379)
Vulnerability from cvelistv5 – Published: 2007-12-15 01:00 – Updated: 2024-08-07 16:02
VLAI
Summary
BadBlue 2.72b and earlier allows remote attackers to obtain sensitive information via an invalid browse parameter, which reveals the installation path in an error message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/3448 | third-party-advisoryx_refsource_SREASON |
| http://secunia.com/advisories/28031 | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/42418 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/26803 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/484834/100… | mailing-listx_refsource_BUGTRAQ |
| http://aluigi.altervista.org/adv/badblue-adv.txt | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2007/4160 | vdb-entryx_refsource_VUPEN |
Date Public
2007-12-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:36.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3448",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3448"
},
{
"name": "28031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28031"
},
{
"name": "42418",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42418"
},
{
"name": "26803",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26803"
},
{
"name": "20071210 Multiple vulnerabilities in BadBlue 2.72b",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/484834/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/badblue-adv.txt"
},
{
"name": "ADV-2007-4160",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4160"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BadBlue 2.72b and earlier allows remote attackers to obtain sensitive information via an invalid browse parameter, which reveals the installation path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3448",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3448"
},
{
"name": "28031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28031"
},
{
"name": "42418",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42418"
},
{
"name": "26803",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26803"
},
{
"name": "20071210 Multiple vulnerabilities in BadBlue 2.72b",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/484834/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/badblue-adv.txt"
},
{
"name": "ADV-2007-4160",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4160"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6379",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BadBlue 2.72b and earlier allows remote attackers to obtain sensitive information via an invalid browse parameter, which reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3448",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3448"
},
{
"name": "28031",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28031"
},
{
"name": "42418",
"refsource": "OSVDB",
"url": "http://osvdb.org/42418"
},
{
"name": "26803",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26803"
},
{
"name": "20071210 Multiple vulnerabilities in BadBlue 2.72b",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484834/100/0/threaded"
},
{
"name": "http://aluigi.altervista.org/adv/badblue-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/badblue-adv.txt"
},
{
"name": "ADV-2007-4160",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4160"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6379",
"datePublished": "2007-12-15T01:00:00.000Z",
"dateReserved": "2007-12-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:02:36.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6378 (GCVE-0-2007-6378)
Vulnerability from cvelistv5 – Published: 2007-12-15 01:00 – Updated: 2024-08-07 16:02
VLAI
Summary
Directory traversal vulnerability in upload.dll in BadBlue 2.72b and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the filename parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/3448 | third-party-advisoryx_refsource_SREASON |
| http://secunia.com/advisories/28031 | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/42417 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/26803 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/484834/100… | mailing-listx_refsource_BUGTRAQ |
| http://aluigi.altervista.org/adv/badblue-adv.txt | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2007/4160 | vdb-entryx_refsource_VUPEN |
| http://aluigi.org/testz/myhttpup.zip | x_refsource_MISC |
Date Public
2007-12-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:36.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3448",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3448"
},
{
"name": "28031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28031"
},
{
"name": "42417",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42417"
},
{
"name": "26803",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26803"
},
{
"name": "20071210 Multiple vulnerabilities in BadBlue 2.72b",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/484834/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/badblue-adv.txt"
},
{
"name": "ADV-2007-4160",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4160"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.org/testz/myhttpup.zip"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in upload.dll in BadBlue 2.72b and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the filename parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3448",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3448"
},
{
"name": "28031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28031"
},
{
"name": "42417",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42417"
},
{
"name": "26803",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26803"
},
{
"name": "20071210 Multiple vulnerabilities in BadBlue 2.72b",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/484834/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/badblue-adv.txt"
},
{
"name": "ADV-2007-4160",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4160"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.org/testz/myhttpup.zip"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in upload.dll in BadBlue 2.72b and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the filename parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3448",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3448"
},
{
"name": "28031",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28031"
},
{
"name": "42417",
"refsource": "OSVDB",
"url": "http://osvdb.org/42417"
},
{
"name": "26803",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26803"
},
{
"name": "20071210 Multiple vulnerabilities in BadBlue 2.72b",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484834/100/0/threaded"
},
{
"name": "http://aluigi.altervista.org/adv/badblue-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/badblue-adv.txt"
},
{
"name": "ADV-2007-4160",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4160"
},
{
"name": "http://aluigi.org/testz/myhttpup.zip",
"refsource": "MISC",
"url": "http://aluigi.org/testz/myhttpup.zip"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6378",
"datePublished": "2007-12-15T01:00:00.000Z",
"dateReserved": "2007-12-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:02:36.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}