Vulnerabilities > Bigantsoft > Bigant Server > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-03-21 CVE-2022-23346 Unrestricted Upload of File with Dangerous Type vulnerability in Bigantsoft Bigant Server 5.6.06
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues.
network
low complexity
bigantsoft CWE-434
6.5
2022-03-21 CVE-2022-23347 Path Traversal vulnerability in Bigantsoft Bigant Server 5.6.06
BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks.
network
low complexity
bigantsoft CWE-22
5.0
2022-03-21 CVE-2022-23348 Use of Password Hash With Insufficient Computational Effort vulnerability in Bigantsoft Bigant Server 5.6.06
BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes.
network
low complexity
bigantsoft CWE-916
5.0
2022-03-21 CVE-2022-23349 Cross-Site Request Forgery (CSRF) vulnerability in Bigantsoft Bigant Server 5.6.06
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF).
6.8
2022-03-21 CVE-2022-23352 Infinite Loop vulnerability in Bigantsoft Bigant Server 5.6.06
An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS).
network
low complexity
bigantsoft CWE-835
5.0
2010-03-03 CVE-2009-4661 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Bigantsoft Bigant Server
Multiple buffer overflows in BigAnt Server 2.50 SP6 and earlier allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted ZIP file that is not properly handled when the victim uses the (1) Update or (2) Plug-In console menu item.
4.3