Bigantsoft

bigantsoft

17 CVEs • 4 products

Products (4)

Click to collapse

Toggle

Bigant Im Message Server

bigant_im_message_server

Bigant Messenger

bigant_messenger

Bigant Office Messenger 5

bigant_office_messenger_5

CVEs (17)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-0364 1Bigantsoft 1Bigant Server Sep 29, 2025 Feb 4, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through...Show more BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code using the "Cloud Storage Addin," leading to unauthenticated code execution.Show less
CVE-2024-54761 1Bigantsoft 1Bigant Office Messenger 5 Sep 29, 2025 Jan 9, 2025 N/A· v4 6.3 MEDIUM· v3 N/A· v2 BigAnt Office Messenger 5.6.06 is vulnerable to SQL Injection via the 'dev_code' parameter.
CVE-2021-43430 1Bigantsoft 1Bigant Office Messenger 5 Nov 21, 2024 Apr 7, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An Access Control vulnerability exists in BigAntSoft BigAnt office messenger 5.6 via im_webserver, which could let a malicious user upload PHP Trojan files.
CVE-2022-26281 1Bigantsoft 1Bigant Server Nov 21, 2024 Apr 5, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue.
CVE-2022-23352 1Bigantsoft 1Bigant Server Nov 21, 2024 Mar 21, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS).
CVE-2022-23350 1Bigantsoft 1Bigant Server Nov 21, 2024 Mar 21, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability.
CVE-2022-23349 1Bigantsoft 1Bigant Server Nov 21, 2024 Mar 21, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF).
CVE-2022-23348 1Bigantsoft 1Bigant Server Nov 21, 2024 Mar 21, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes.
CVE-2022-23347 1Bigantsoft 1Bigant Server Nov 21, 2024 Mar 21, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks.
CVE-2022-23346 1Bigantsoft 1Bigant Server Nov 21, 2024 Mar 21, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues.
CVE-2022-23345 1Bigantsoft 1Bigant Server Nov 21, 2024 Mar 21, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control.
CVE-2012-6275 1Bigantsoft 1Bigant Im Message Server Apr 29, 2026 Feb 24, 2013 N/A· v4 N/A· v3 10.0 HIGH· v2 Multiple stack-based buffer overflows in AntDS.exe in BigAntSoft BigAnt IM Message Server allow remote attackers to have an unspecified impact via (1) the filename header in an SCH request or (2) the userid component in...Show more Multiple stack-based buffer overflows in AntDS.exe in BigAntSoft BigAnt IM Message Server allow remote attackers to have an unspecified impact via (1) the filename header in an SCH request or (2) the userid component in a DUPF request.Show less
CVE-2012-6274 1Bigantsoft 1Bigant Im Message Server Apr 29, 2026 Feb 24, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 BigAntSoft BigAnt IM Message Server does not require authentication for file uploading, which allows remote attackers to create arbitrary files under AntServer\DocData\Public via unspecified vectors.
CVE-2012-6273 1Bigantsoft 1Bigant Im Message Server Apr 29, 2026 Feb 24, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in BigAntSoft BigAnt IM Message Server allows remote attackers to execute arbitrary SQL commands via an SHU (aka search user) request.
CVE-2009-4661 1Bigantsoft 1Bigant Server Apr 29, 2026 Mar 3, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple buffer overflows in BigAnt Server 2.50 SP6 and earlier allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted ZIP file that is not properly handled when the victim us...Show more Multiple buffer overflows in BigAnt Server 2.50 SP6 and earlier allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted ZIP file that is not properly handled when the victim uses the (1) Update or (2) Plug-In console menu item.Show less
CVE-2009-4660 1Bigantsoft 1Bigant Messenger Apr 29, 2026 Mar 3, 2010 N/A· v4 N/A· v3 10.0 HIGH· v2 Stack-based buffer overflow in the AntServer Module (AntServer.exe) in BigAnt IM Server 2.50 allows remote attackers to execute arbitrary code via a long GET request to TCP port 6660.
CVE-2008-1914 1Bigantsoft 1Bigant Messenger Apr 23, 2026 Apr 22, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 Stack-based buffer overflow in the AntServer module (AntServer.exe) in BigAnt IM Server in BigAnt Messenger 2.2 allows remote attackers to execute arbitrary code via a long URI in a request to TCP port 6080. NOTE: some o...Show more Stack-based buffer overflow in the AntServer module (AntServer.exe) in BigAnt IM Server in BigAnt Messenger 2.2 allows remote attackers to execute arbitrary code via a long URI in a request to TCP port 6080. NOTE: some of these details are obtained from third party information.Show less