DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-12 | CVE-2022-45956 | Incorrect Authorization vulnerability in BOA 0.94.13/0.94.14. Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism. | 5.3 |
2022-11-23 | CVE-2022-44117 | SQL Injection vulnerability in BOA 0.94.14.21. Boa 0.94.14rc21 is vulnerable to SQL Injection via username. | 9.8 |
2021-05-27 | CVE-2021-33558 | Unspecified vulnerability in BOA 0.94.13. Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. | 7.5 |
2019-10-11 | CVE-2018-21028 | Missing Release of Resource after Effective Lifetime vulnerability in BOA. Boa through 0.94.14rc21 allows remote attackers to trigger a memory leak because of missing calls to the free function. | 5.0 |
2019-10-11 | CVE-2018-21027 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in BOA. Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-memory (OOM) condition because malloc is mishandled. | 7.5 |
2017-06-24 | CVE-2017-9833 | Path Traversal vulnerability in BOA 0.94.14.21. /cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. | 7.5 |
2016-11-30 | CVE-2016-9564 | Improper Input Validation vulnerability in BOA 0.92R. Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters. | 7.5 |
2010-01-13 | CVE-2009-4496 | Improper Input Validation vulnerability in BOA 0.94.14Rc21. Boa 0.94.14rc21 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. | 5.0 |
2007-09-17 | CVE-2007-4915 | Improper Input Validation vulnerability in BOA Webserver 0.93.15. The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLan RO80211G-AP and other devices, do not prevent stack writes from entering memory locations used for string constants, which allows remote attackers to change the admin password stored in memory via a long username in an HTTP Basic Authentication request. | 10.0 |
2000-12-19 | CVE-2000-0920 | Unspecified vulnerability in BOA Webserver. Directory traversal vulnerability in BOA web server 0.94.8.2 and earlier allows remote attackers to read arbitrary files via a modified .. | 5.0 |