boa 漏洞与 CVE 列表(10)

产品(CPE): — CVE 数: 10

boa 漏洞概览

汇总 boa 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。

常见弱点模式包括 输入验证问题、SQL 注入、路径处理缺陷与缓冲区溢出,在 生产负载与软件部署 使用场景中可能带来 内存损坏、文件覆盖与数据泄露 等风险。

相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。

漏洞分布趋势(近 24 个月)

显示 11010 CVE 数
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
CVE 摘要 来源 最高 CVSS EPSS % 公开时间 更新时间
CVE-2022-45956 Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism. [email protected] 5.3 0.82% 2022-12-12 2026-06-17
CVE-2022-44117 Boa 0.94.14rc21 is vulnerable to SQL Injection via username. NOTE: the is disputed by multiple third parties because Boa does not ship with any support for SQL. [email protected] 9.8 0.68% 2022-11-23 2026-06-17
CVE-2021-33558 Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE: multiple third parties report that this is a site-specific issue because those files are not part of Boa. [email protected] 7.5 10.33% 2021-05-27 2026-06-16
CVE-2018-21028 Boa through 0.94.14rc21 allows remote attackers to trigger a memory leak because of missing calls to the free function. [email protected] 7.5 2.07% 2019-10-11 2026-06-16
CVE-2018-21027 Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-memory (OOM) condition because malloc is mishandled. [email protected] 9.8 2.35% 2019-10-11 2026-06-16
CVE-2017-9833 /cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue (e.g., a vulnerability on one type of camera) because Boa does not include any wapopen program or any code to read a FILECAMERA variable. [email protected] 7.5 67.73% 2017-06-23 2026-06-16
CVE-2016-9564 Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters. [email protected] 7.5 1.44% 2016-11-30 2026-06-16
CVE-2009-4496 Boa 0.94.14rc21 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. [email protected] 5.0 12.08% 2010-01-13 2026-06-16
CVE-2007-4915 The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLan RO80211G-AP and other devices, do not prevent stack writes from entering memory locations used for string constants, which allows remote attackers to change the admin password stored in memory via a long username in an HTTP Basic Authentication request. [email protected] 10.0 67.65% 2007-09-17 2026-06-16
CVE-2000-0920 Directory traversal vulnerability in BOA web server 0.94.8.2 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack in the GET HTTP request that uses a "%2E" instead of a "." [email protected] 5.0 8.36% 2000-12-19 2026-06-16
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
cvelogic Threat Intelligence