working resources inc.

Top products

The 15 most recently published vulnerabilities affecting working resources inc..

• CVE-2002-2289soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords.5.0Oct 18, 2007
• CVE-2002-2170Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 attempts to restrict administrator actions to the IP address of the local host, but does not provide additional authentication, wh...7.5Nov 16, 2005
• CVE-2004-2374BadBlue 2.4 allows remote attackers to obtain the location of the server installation path via a request for phptest.php, which includes the pathname in the source of the resulting HTML.5.0Aug 16, 2005
• CVE-2002-1973Buffer overflow in CHttpServer::OnParseError in the ISAPI extension (Isapi.cpp) when built using Microsoft Foundation Class (MFC) static libraries in Visual C++ 5.0, and 6.0 before SP3, as used in ...7.5Jun 28, 2005
• CVE-2002-1685Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition and Personal Edition 1.7 and 1.7.2 allows remote attackers to execute arbitrary script as other users by injecting script into...4.3Jun 21, 2005
• CVE-2002-1684Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) BadBlue Enterprise Edition 1.5.x and BadBlue Personal Edition 1.5.6 allows remote attackers to read arbitrary files via a ../ (...5.0Jun 21, 2005
• CVE-2002-1683Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition 1.7.3 allows remote attackers to execute arbitrary script as other users by injecting script into the cleanSearchString() function.4.3Jun 21, 2005
• CVE-2005-0595Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers to execute arbitrary code via a long mfcisapicommand parameter.7.5Mar 1, 2005
• CVE-2004-1727BadBlue 2.5 allows remote attackers to cause a denial of service (refuse HTTP connections) via a large number of connections from the same IP address.5.0Feb 26, 2005
• CVE-2002-1541BadBlue 1.7 allows remote attackers to bypass password protections for directories and files via an HTTP request containing an extra / (slash).7.5Sep 1, 2004
• CVE-2003-0332The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attacker...7.6May 22, 2003
• CVE-2002-1023BadBlue server allows remote attackers to cause a denial of service (crash) via an HTTP GET request without a URI.5.0Aug 31, 2002
• CVE-2002-1022BadBlue server stores passwords in plaintext in the ext.ini file, which could allow local and possibly remote attackers to gain privileges.7.5Aug 31, 2002
• CVE-2002-1021BadBlue server allows remote attackers to read restricted files, such as EXT.INI, via an HTTP request that contains a hex-encoded null byte.5.0Aug 31, 2002
• CVE-2002-0800BadBlue 1.7.0 allows remote attackers to list the contents of directories via a URL with an encoded '%' character at the end.5.0Jul 26, 2002