Boa: >> Boa Webserver Security Vulnerabilities
The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLan RO80211G-AP and other devices, do not prevent stack writes from entering memory locations used for string constants, which allows remote attackers to change the admin password stored in memory via a long username in an HTTP Basic Authentication request.
CVSS Score
10.0
EPSS Score
0.786
Published
2007-09-17
Directory traversal vulnerability in BOA web server 0.94.8.2 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack in the GET HTTP request that uses a "%2E" instead of a "."
CVSS Score
5.0
EPSS Score
0.058
Published
2000-12-19