Search
Find a vulnerability
Search criteria
20 vulnerabilities found for bigant_server by bigantsoft
CVE-2025-0364 (GCVE-0-2025-0364)
Vulnerability from nvd – Published: 2025-02-04 17:51 – Updated: 2026-05-14 02:07
VLAI
Title
BigAntSoft BigAnt Server Account Registration Bypass to File Upload RCE
Summary
BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code using the "Cloud Storage Addin," leading to unauthenticated code execution.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BigAntSoft | BigAnt Server |
Affected:
0 , ≤ 5.6.06
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0364",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T19:39:51.605821Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T19:40:12.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/vulncheck-oss/cve-2025-0364"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BigAnt Server",
"vendor": "BigAntSoft",
"versions": [
{
"lessThanOrEqual": "5.6.06",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bigantsoft:bigant_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.6.06",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Cale Black"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eBigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code using the \"Cloud Storage Addin,\" leading to unauthenticated code execution.\u003cbr\u003e\u003c/div\u003e\u003cbr\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code using the \"Cloud Storage Addin,\" leading to unauthenticated code execution."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
},
{
"capecId": "CAPEC-650",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-650 Upload a Web Shell to a Web Server"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T02:07:17.176Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"url": "https://vulncheck.com/advisories/big-ant-upload-rce"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "BigAntSoft BigAnt Server Account Registration Bypass to File Upload RCE",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-0364",
"datePublished": "2025-02-04T17:51:18.472Z",
"dateReserved": "2025-01-09T16:09:37.470Z",
"dateUpdated": "2026-05-14T02:07:17.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-26281 (GCVE-0-2022-26281)
Vulnerability from nvd – Published: 2022-04-05 01:50 – Updated: 2024-08-03 04:56
VLAI
Summary
BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://bigant.com | x_refsource_MISC |
| https://github.com/bzyo/cve-pocs/tree/master/CVE-… | x_refsource_MISC |
| https://www.bigantsoft.com/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bigant.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-26281"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bigantsoft.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T13:07:29.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bigant.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-26281"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bigantsoft.com/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-26281",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bigant.com",
"refsource": "MISC",
"url": "http://bigant.com"
},
{
"name": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-26281",
"refsource": "MISC",
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-26281"
},
{
"name": "https://www.bigantsoft.com/",
"refsource": "MISC",
"url": "https://www.bigantsoft.com/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26281",
"datePublished": "2022-04-05T01:50:35.000Z",
"dateReserved": "2022-02-28T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:56:37.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23352 (GCVE-0-2022-23352)
Vulnerability from nvd – Published: 2022-03-21 19:35 – Updated: 2024-08-03 03:36
VLAI
Summary
An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://bigant.com | x_refsource_MISC |
| https://github.com/bzyo/cve-pocs/tree/master/CVE-… | x_refsource_MISC |
| https://www.bigantsoft.com/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bigant.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23352"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bigantsoft.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T13:07:21.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bigant.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23352"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bigantsoft.com/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-23352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bigant.com",
"refsource": "MISC",
"url": "http://bigant.com"
},
{
"name": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23352",
"refsource": "MISC",
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23352"
},
{
"name": "https://www.bigantsoft.com/",
"refsource": "MISC",
"url": "https://www.bigantsoft.com/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23352",
"datePublished": "2022-03-21T19:35:48.000Z",
"dateReserved": "2022-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:36:20.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23350 (GCVE-0-2022-23350)
Vulnerability from nvd – Published: 2022-03-21 19:29 – Updated: 2024-08-03 03:36
VLAI
Summary
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://bigant.com | x_refsource_MISC |
| https://github.com/bzyo/cve-pocs/tree/master/CVE-… | x_refsource_MISC |
| https://www.bigantsoft.com/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bigant.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23350"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bigantsoft.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T13:07:10.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bigant.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23350"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bigantsoft.com/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-23350",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bigant.com",
"refsource": "MISC",
"url": "http://bigant.com"
},
{
"name": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23350",
"refsource": "MISC",
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23350"
},
{
"name": "https://www.bigantsoft.com/",
"refsource": "MISC",
"url": "https://www.bigantsoft.com/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23350",
"datePublished": "2022-03-21T19:29:34.000Z",
"dateReserved": "2022-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:36:20.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23349 (GCVE-0-2022-23349)
Vulnerability from nvd – Published: 2022-03-21 19:26 – Updated: 2024-08-03 03:36
VLAI
Summary
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://bigant.com | x_refsource_MISC |
| https://github.com/bzyo/cve-pocs/tree/master/CVE-… | x_refsource_MISC |
| https://www.bigantsoft.com/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bigant.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23349"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bigantsoft.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T13:07:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bigant.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23349"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bigantsoft.com/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-23349",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bigant.com",
"refsource": "MISC",
"url": "http://bigant.com"
},
{
"name": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23349",
"refsource": "MISC",
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23349"
},
{
"name": "https://www.bigantsoft.com/",
"refsource": "MISC",
"url": "https://www.bigantsoft.com/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23349",
"datePublished": "2022-03-21T19:26:28.000Z",
"dateReserved": "2022-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:36:20.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23348 (GCVE-0-2022-23348)
Vulnerability from nvd – Published: 2022-03-21 19:33 – Updated: 2024-08-03 03:36
VLAI
Summary
BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://bigant.com | x_refsource_MISC |
| https://github.com/bzyo/cve-pocs/tree/master/CVE-… | x_refsource_MISC |
| https://www.bigantsoft.com/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bigant.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23348"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bigantsoft.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T13:06:53.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bigant.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23348"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bigantsoft.com/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-23348",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bigant.com",
"refsource": "MISC",
"url": "http://bigant.com"
},
{
"name": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23348",
"refsource": "MISC",
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23348"
},
{
"name": "https://www.bigantsoft.com/",
"refsource": "MISC",
"url": "https://www.bigantsoft.com/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23348",
"datePublished": "2022-03-21T19:33:00.000Z",
"dateReserved": "2022-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:36:20.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23347 (GCVE-0-2022-23347)
Vulnerability from nvd – Published: 2022-03-21 19:23 – Updated: 2024-08-03 03:36Summary
BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://bigant.com | x_refsource_MISC |
| https://github.com/bzyo/cve-pocs/tree/master/CVE-… | x_refsource_MISC |
| https://www.bigantsoft.com/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bigant.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23347"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bigantsoft.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T13:06:41.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bigant.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23347"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bigantsoft.com/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-23347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bigant.com",
"refsource": "MISC",
"url": "http://bigant.com"
},
{
"name": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23347",
"refsource": "MISC",
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23347"
},
{
"name": "https://www.bigantsoft.com/",
"refsource": "MISC",
"url": "https://www.bigantsoft.com/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23347",
"datePublished": "2022-03-21T19:23:37.000Z",
"dateReserved": "2022-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:36:20.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23346 (GCVE-0-2022-23346)
Vulnerability from nvd – Published: 2022-03-21 19:39 – Updated: 2024-08-03 03:36
VLAI
Summary
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://bigant.com | x_refsource_MISC |
| https://github.com/bzyo/cve-pocs/tree/master/CVE-… | x_refsource_MISC |
| https://www.bigantsoft.com/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bigant.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23346"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bigantsoft.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T13:06:34.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bigant.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23346"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bigantsoft.com/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-23346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bigant.com",
"refsource": "MISC",
"url": "http://bigant.com"
},
{
"name": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23346",
"refsource": "MISC",
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23346"
},
{
"name": "https://www.bigantsoft.com/",
"refsource": "MISC",
"url": "https://www.bigantsoft.com/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23346",
"datePublished": "2022-03-21T19:39:32.000Z",
"dateReserved": "2022-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:36:20.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23345 (GCVE-0-2022-23345)
Vulnerability from nvd – Published: 2022-03-21 19:42 – Updated: 2024-08-03 03:36
VLAI
Summary
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://bigant.com | x_refsource_MISC |
| https://github.com/bzyo/cve-pocs/tree/master/CVE-… | x_refsource_MISC |
| https://www.bigantsoft.com/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bigant.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23345"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bigantsoft.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T13:06:28.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bigant.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23345"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bigantsoft.com/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-23345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bigant.com",
"refsource": "MISC",
"url": "http://bigant.com"
},
{
"name": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23345",
"refsource": "MISC",
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23345"
},
{
"name": "https://www.bigantsoft.com/",
"refsource": "MISC",
"url": "https://www.bigantsoft.com/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23345",
"datePublished": "2022-03-21T19:42:29.000Z",
"dateReserved": "2022-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:36:20.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4661 (GCVE-0-2009-4661)
Vulnerability from nvd – Published: 2010-03-03 20:00 – Updated: 2024-08-07 07:08
VLAI
Summary
Multiple buffer overflows in BigAnt Server 2.50 SP6 and earlier allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted ZIP file that is not properly handled when the victim uses the (1) Update or (2) Plug-In console menu item.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/9695 | exploitx_refsource_EXPLOIT-DB |
| http://www.exploit-db.com/exploits/9734 | exploitx_refsource_EXPLOIT-DB |
Date Public
2009-09-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:08:38.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9695",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9695"
},
{
"name": "9734",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9734"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in BigAnt Server 2.50 SP6 and earlier allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted ZIP file that is not properly handled when the victim uses the (1) Update or (2) Plug-In console menu item."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9695",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9695"
},
{
"name": "9734",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9734"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in BigAnt Server 2.50 SP6 and earlier allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted ZIP file that is not properly handled when the victim uses the (1) Update or (2) Plug-In console menu item."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9695",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9695"
},
{
"name": "9734",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9734"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4661",
"datePublished": "2010-03-03T20:00:00.000Z",
"dateReserved": "2010-03-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:08:38.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0364 (GCVE-0-2025-0364)
Vulnerability from cvelistv5 – Published: 2025-02-04 17:51 – Updated: 2026-05-14 02:07
VLAI
Title
BigAntSoft BigAnt Server Account Registration Bypass to File Upload RCE
Summary
BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code using the "Cloud Storage Addin," leading to unauthenticated code execution.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BigAntSoft | BigAnt Server |
Affected:
0 , ≤ 5.6.06
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0364",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T19:39:51.605821Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T19:40:12.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/vulncheck-oss/cve-2025-0364"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BigAnt Server",
"vendor": "BigAntSoft",
"versions": [
{
"lessThanOrEqual": "5.6.06",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bigantsoft:bigant_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.6.06",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Cale Black"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eBigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code using the \"Cloud Storage Addin,\" leading to unauthenticated code execution.\u003cbr\u003e\u003c/div\u003e\u003cbr\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code using the \"Cloud Storage Addin,\" leading to unauthenticated code execution."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
},
{
"capecId": "CAPEC-650",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-650 Upload a Web Shell to a Web Server"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T02:07:17.176Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"url": "https://vulncheck.com/advisories/big-ant-upload-rce"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "BigAntSoft BigAnt Server Account Registration Bypass to File Upload RCE",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-0364",
"datePublished": "2025-02-04T17:51:18.472Z",
"dateReserved": "2025-01-09T16:09:37.470Z",
"dateUpdated": "2026-05-14T02:07:17.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-26281 (GCVE-0-2022-26281)
Vulnerability from cvelistv5 – Published: 2022-04-05 01:50 – Updated: 2024-08-03 04:56
VLAI
Summary
BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://bigant.com | x_refsource_MISC |
| https://github.com/bzyo/cve-pocs/tree/master/CVE-… | x_refsource_MISC |
| https://www.bigantsoft.com/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bigant.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-26281"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bigantsoft.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T13:07:29.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bigant.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-26281"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bigantsoft.com/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-26281",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bigant.com",
"refsource": "MISC",
"url": "http://bigant.com"
},
{
"name": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-26281",
"refsource": "MISC",
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-26281"
},
{
"name": "https://www.bigantsoft.com/",
"refsource": "MISC",
"url": "https://www.bigantsoft.com/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26281",
"datePublished": "2022-04-05T01:50:35.000Z",
"dateReserved": "2022-02-28T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:56:37.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23345 (GCVE-0-2022-23345)
Vulnerability from cvelistv5 – Published: 2022-03-21 19:42 – Updated: 2024-08-03 03:36
VLAI
Summary
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://bigant.com | x_refsource_MISC |
| https://github.com/bzyo/cve-pocs/tree/master/CVE-… | x_refsource_MISC |
| https://www.bigantsoft.com/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bigant.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23345"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bigantsoft.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T13:06:28.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bigant.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23345"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bigantsoft.com/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-23345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bigant.com",
"refsource": "MISC",
"url": "http://bigant.com"
},
{
"name": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23345",
"refsource": "MISC",
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23345"
},
{
"name": "https://www.bigantsoft.com/",
"refsource": "MISC",
"url": "https://www.bigantsoft.com/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23345",
"datePublished": "2022-03-21T19:42:29.000Z",
"dateReserved": "2022-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:36:20.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23346 (GCVE-0-2022-23346)
Vulnerability from cvelistv5 – Published: 2022-03-21 19:39 – Updated: 2024-08-03 03:36
VLAI
Summary
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://bigant.com | x_refsource_MISC |
| https://github.com/bzyo/cve-pocs/tree/master/CVE-… | x_refsource_MISC |
| https://www.bigantsoft.com/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bigant.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23346"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bigantsoft.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T13:06:34.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bigant.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23346"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bigantsoft.com/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-23346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bigant.com",
"refsource": "MISC",
"url": "http://bigant.com"
},
{
"name": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23346",
"refsource": "MISC",
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23346"
},
{
"name": "https://www.bigantsoft.com/",
"refsource": "MISC",
"url": "https://www.bigantsoft.com/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23346",
"datePublished": "2022-03-21T19:39:32.000Z",
"dateReserved": "2022-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:36:20.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23352 (GCVE-0-2022-23352)
Vulnerability from cvelistv5 – Published: 2022-03-21 19:35 – Updated: 2024-08-03 03:36
VLAI
Summary
An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://bigant.com | x_refsource_MISC |
| https://github.com/bzyo/cve-pocs/tree/master/CVE-… | x_refsource_MISC |
| https://www.bigantsoft.com/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bigant.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23352"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bigantsoft.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T13:07:21.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bigant.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23352"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bigantsoft.com/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-23352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bigant.com",
"refsource": "MISC",
"url": "http://bigant.com"
},
{
"name": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23352",
"refsource": "MISC",
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23352"
},
{
"name": "https://www.bigantsoft.com/",
"refsource": "MISC",
"url": "https://www.bigantsoft.com/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23352",
"datePublished": "2022-03-21T19:35:48.000Z",
"dateReserved": "2022-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:36:20.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23348 (GCVE-0-2022-23348)
Vulnerability from cvelistv5 – Published: 2022-03-21 19:33 – Updated: 2024-08-03 03:36
VLAI
Summary
BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://bigant.com | x_refsource_MISC |
| https://github.com/bzyo/cve-pocs/tree/master/CVE-… | x_refsource_MISC |
| https://www.bigantsoft.com/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bigant.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23348"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bigantsoft.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T13:06:53.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bigant.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23348"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bigantsoft.com/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-23348",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bigant.com",
"refsource": "MISC",
"url": "http://bigant.com"
},
{
"name": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23348",
"refsource": "MISC",
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23348"
},
{
"name": "https://www.bigantsoft.com/",
"refsource": "MISC",
"url": "https://www.bigantsoft.com/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23348",
"datePublished": "2022-03-21T19:33:00.000Z",
"dateReserved": "2022-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:36:20.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23350 (GCVE-0-2022-23350)
Vulnerability from cvelistv5 – Published: 2022-03-21 19:29 – Updated: 2024-08-03 03:36
VLAI
Summary
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://bigant.com | x_refsource_MISC |
| https://github.com/bzyo/cve-pocs/tree/master/CVE-… | x_refsource_MISC |
| https://www.bigantsoft.com/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bigant.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23350"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bigantsoft.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T13:07:10.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bigant.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23350"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bigantsoft.com/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-23350",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bigant.com",
"refsource": "MISC",
"url": "http://bigant.com"
},
{
"name": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23350",
"refsource": "MISC",
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23350"
},
{
"name": "https://www.bigantsoft.com/",
"refsource": "MISC",
"url": "https://www.bigantsoft.com/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23350",
"datePublished": "2022-03-21T19:29:34.000Z",
"dateReserved": "2022-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:36:20.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23349 (GCVE-0-2022-23349)
Vulnerability from cvelistv5 – Published: 2022-03-21 19:26 – Updated: 2024-08-03 03:36
VLAI
Summary
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://bigant.com | x_refsource_MISC |
| https://github.com/bzyo/cve-pocs/tree/master/CVE-… | x_refsource_MISC |
| https://www.bigantsoft.com/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bigant.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23349"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bigantsoft.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T13:07:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bigant.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23349"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bigantsoft.com/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-23349",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bigant.com",
"refsource": "MISC",
"url": "http://bigant.com"
},
{
"name": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23349",
"refsource": "MISC",
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23349"
},
{
"name": "https://www.bigantsoft.com/",
"refsource": "MISC",
"url": "https://www.bigantsoft.com/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23349",
"datePublished": "2022-03-21T19:26:28.000Z",
"dateReserved": "2022-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:36:20.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23347 (GCVE-0-2022-23347)
Vulnerability from cvelistv5 – Published: 2022-03-21 19:23 – Updated: 2024-08-03 03:36Summary
BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://bigant.com | x_refsource_MISC |
| https://github.com/bzyo/cve-pocs/tree/master/CVE-… | x_refsource_MISC |
| https://www.bigantsoft.com/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bigant.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23347"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bigantsoft.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T13:06:41.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bigant.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23347"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bigantsoft.com/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-23347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bigant.com",
"refsource": "MISC",
"url": "http://bigant.com"
},
{
"name": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23347",
"refsource": "MISC",
"url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23347"
},
{
"name": "https://www.bigantsoft.com/",
"refsource": "MISC",
"url": "https://www.bigantsoft.com/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23347",
"datePublished": "2022-03-21T19:23:37.000Z",
"dateReserved": "2022-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:36:20.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4661 (GCVE-0-2009-4661)
Vulnerability from cvelistv5 – Published: 2010-03-03 20:00 – Updated: 2024-08-07 07:08
VLAI
Summary
Multiple buffer overflows in BigAnt Server 2.50 SP6 and earlier allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted ZIP file that is not properly handled when the victim uses the (1) Update or (2) Plug-In console menu item.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/9695 | exploitx_refsource_EXPLOIT-DB |
| http://www.exploit-db.com/exploits/9734 | exploitx_refsource_EXPLOIT-DB |
Date Public
2009-09-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:08:38.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9695",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9695"
},
{
"name": "9734",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9734"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in BigAnt Server 2.50 SP6 and earlier allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted ZIP file that is not properly handled when the victim uses the (1) Update or (2) Plug-In console menu item."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9695",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9695"
},
{
"name": "9734",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9734"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in BigAnt Server 2.50 SP6 and earlier allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted ZIP file that is not properly handled when the victim uses the (1) Update or (2) Plug-In console menu item."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9695",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9695"
},
{
"name": "9734",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9734"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4661",
"datePublished": "2010-03-03T20:00:00.000Z",
"dateReserved": "2010-03-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:08:38.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}