Vulnerabilities > Bigantsoft

DATE CVE VULNERABILITY TITLE RISK
2022-04-07 CVE-2021-43430 Unrestricted Upload of File with Dangerous Type vulnerability in Bigantsoft Bigant Office Messenger 5 5.6
An Access Control vulnerability exists in BigAntSoft BigAnt office messenger 5.6 via im_webserver, which could let a malicious user upload PHP Trojan files.
network
low complexity
bigantsoft CWE-434
6.5
2022-04-05 CVE-2022-26281 Incorrect Permission Assignment for Critical Resource vulnerability in Bigantsoft Bigant Server 5.6.06
BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue.
network
low complexity
bigantsoft CWE-732
7.5
2022-03-21 CVE-2022-23345 Missing Authentication for Critical Function vulnerability in Bigantsoft Bigant Server 5.6.06
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control.
network
low complexity
bigantsoft CWE-306
7.5
2022-03-21 CVE-2022-23346 Unrestricted Upload of File with Dangerous Type vulnerability in Bigantsoft Bigant Server 5.6.06
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues.
network
low complexity
bigantsoft CWE-434
6.5
2022-03-21 CVE-2022-23347 Path Traversal vulnerability in Bigantsoft Bigant Server 5.6.06
BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks.
network
low complexity
bigantsoft CWE-22
5.0
2022-03-21 CVE-2022-23348 Use of Password Hash With Insufficient Computational Effort vulnerability in Bigantsoft Bigant Server 5.6.06
BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes.
network
low complexity
bigantsoft CWE-916
5.0
2022-03-21 CVE-2022-23349 Cross-Site Request Forgery (CSRF) vulnerability in Bigantsoft Bigant Server 5.6.06
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF).
6.8
2022-03-21 CVE-2022-23350 Cross-site Scripting vulnerability in Bigantsoft Bigant Server 5.6.06
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability.
network
bigantsoft CWE-79
3.5
2022-03-21 CVE-2022-23352 Infinite Loop vulnerability in Bigantsoft Bigant Server 5.6.06
An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS).
network
low complexity
bigantsoft CWE-835
5.0
2013-02-24 CVE-2012-6275 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Bigantsoft Bigant IM Message Server
Multiple stack-based buffer overflows in AntDS.exe in BigAntSoft BigAnt IM Message Server allow remote attackers to have an unspecified impact via (1) the filename header in an SCH request or (2) the userid component in a DUPF request.
network
low complexity
bigantsoft CWE-119
critical
10.0