BadBlue 2.72 Personal Edition stores multiple programs in the web document root with insufficient access control, which allows remote attackers to (1) cause a denial of service via multiple invocations of uninst.exe, and have an unknown impact via (2) badblue.exe and (3) dyndns.exe. NOTE: this can be leveraged for arbitrary remote code execution in conjunction with CVE-2007-6378.
Max CVSS
7.5
EPSS Score
0.94%
Published
2008-04-28
Updated
2018-10-11
BadBlue 2.72b and earlier allows remote attackers to obtain sensitive information via an invalid browse parameter, which reveals the installation path in an error message.
Max CVSS
5.0
EPSS Score
0.53%
Published
2007-12-15
Updated
2018-10-15
Directory traversal vulnerability in upload.dll in BadBlue 2.72b and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the filename parameter.
Max CVSS
7.5
EPSS Score
1.43%
Published
2007-12-15
Updated
2018-10-15

CVE-2007-6377

Public exploit
Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string.
Max CVSS
7.5
EPSS Score
92.16%
Published
2007-12-15
Updated
2018-10-15
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!