Vulnerabilities > Bigantsoft

DATE CVE VULNERABILITY TITLE RISK
2022-04-07 CVE-2021-43430 Unrestricted Upload of File with Dangerous Type vulnerability in Bigantsoft Bigant Office Messenger 5 5.6
An Access Control vulnerability exists in BigAntSoft BigAnt office messenger 5.6 via im_webserver, which could let a malicious user upload PHP Trojan files.
network
low complexity
bigantsoft CWE-434
8.8
2022-04-05 CVE-2022-26281 Incorrect Permission Assignment for Critical Resource vulnerability in Bigantsoft Bigant Server 5.6.06
BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue.
network
low complexity
bigantsoft CWE-732
7.5
2022-03-21 CVE-2022-23345 Missing Authentication for Critical Function vulnerability in Bigantsoft Bigant Server 5.6.06
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control.
network
low complexity
bigantsoft CWE-306
7.5
2022-03-21 CVE-2022-23346 Unrestricted Upload of File with Dangerous Type vulnerability in Bigantsoft Bigant Server 5.6.06
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues.
network
low complexity
bigantsoft CWE-434
8.8
2022-03-21 CVE-2022-23347 Path Traversal vulnerability in Bigantsoft Bigant Server 5.6.06
BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks.
network
low complexity
bigantsoft CWE-22
7.5
2022-03-21 CVE-2022-23348 Use of Password Hash With Insufficient Computational Effort vulnerability in Bigantsoft Bigant Server 5.6.06
BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes.
network
low complexity
bigantsoft CWE-916
5.3
2022-03-21 CVE-2022-23349 Cross-Site Request Forgery (CSRF) vulnerability in Bigantsoft Bigant Server 5.6.06
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF).
network
low complexity
bigantsoft CWE-352
8.8
2022-03-21 CVE-2022-23350 Cross-site Scripting vulnerability in Bigantsoft Bigant Server 5.6.06
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability.
network
low complexity
bigantsoft CWE-79
5.4
2022-03-21 CVE-2022-23352 Infinite Loop vulnerability in Bigantsoft Bigant Server 5.6.06
An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS).
network
low complexity
bigantsoft CWE-835
7.5