cpe:/a:badblue:badblue:2.72b CVE-2007-6378 2007-12-14T20:46:00.000-05:00 2011-03-07T22:02:34.220-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-12-17T13:26:00.000-05:00 BUGTRAQ 20071210 Multiple vulnerabilities in BadBlue 2.72b BID 26803 SECUNIA 28031 SREASON 3448 OSVDB 42417 VUPEN ADV-2007-4160 MISC http://aluigi.altervista.org/adv/badblue-adv.txt MISC http://aluigi.org/testz/myhttpup.zip Directory traversal vulnerability in upload.dll in BadBlue 2.72b and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the filename parameter.