Bigantsoft >> Bigant Server: Security Vulnerabilities
BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code using the "Cloud Storage Addin," leading to unauthenticated code execution.
CVSS Score: 9.8 | EPSS Score: 0.256 | Published: 2025-02-04
BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2022-04-05
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control.
CVSS Score: 7.5 | EPSS Score: 0.007 | Published: 2022-03-21
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues.
CVSS Score: 8.8 | EPSS Score: 0.007 | Published: 2022-03-21
BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks.
CVSS Score: 7.5 | EPSS Score: 0.723 | Published: 2022-03-21
BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes.
CVSS Score: 5.3 | EPSS Score: 0.008 | Published: 2022-03-21
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2022-03-21
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability.
CVSS Score: 5.4 | EPSS Score: 0.005 | Published: 2022-03-21
An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS).
CVSS Score: 7.5 | EPSS Score: 0.009 | Published: 2022-03-21
Multiple buffer overflows in BigAnt Server 2.50 SP6 and earlier allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted ZIP file that is not properly handled when the victim uses the (1) Update or (2) Plug-In console menu item.
CVSS Score: 4.3 | EPSS Score: 0.038 | Published: 2010-03-03

