Boa

boa

Vendor: Boa • 8 CVEs

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-45956 1Boa 1Boa Apr 22, 2025 Dec 12, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism.
CVE-2022-44117 1Boa 1Boa Nov 21, 2024 Nov 23, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Boa 0.94.14rc21 is vulnerable to SQL Injection via username. NOTE: the is disputed by multiple third parties because Boa does not ship with any support for SQL.
CVE-2021-33558 1Boa 1Boa Nov 21, 2024 May 27, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE: multiple third part...Show more Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE: multiple third parties report that this is a site-specific issue because those files are not part of Boa.Show less
CVE-2018-21028 1Boa 1Boa Nov 21, 2024 Oct 11, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Boa through 0.94.14rc21 allows remote attackers to trigger a memory leak because of missing calls to the free function.
CVE-2018-21027 1Boa 1Boa Nov 21, 2024 Oct 11, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-memory (OOM) condition because malloc is mishandled.
CVE-2017-9833 1Boa 1Boa May 13, 2026 Jun 24, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 /cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator iss...Show more /cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue (e.g., a vulnerability on one type of camera) because Boa does not include any wapopen program or any code to read a FILECAMERA variable.Show less
CVE-2016-9564 1Boa 1Boa May 6, 2026 Nov 30, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters.
CVE-2009-4496 1Boa 1Boa Apr 23, 2026 Jan 13, 2010 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Boa 0.94.14rc21 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP...Show more Boa 0.94.14rc21 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.Show less