CVE-2012-6274
Bigantsoft Bigant IM Message Server - Authentication Bypass
Title source: ruleDescription
BigAntSoft BigAnt IM Message Server does not require authentication for file uploading, which allows remote attackers to create arbitrary files under AntServer\DocData\Public via unspecified vectors.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/24528
metasploit
WORKING POC
EXCELLENT
by Hamburgers Maccoy, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/bigant_server_dupf_upload.rb
References (1)
Core 1
Core References
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/990652
Scores
EPSS
0.7534
EPSS Percentile
98.9%
Details
CWE
CWE-287
Status
published
Products (1)
bigantsoft/bigant_im_message_server
Published
Feb 24, 2013
Tracked Since
Feb 18, 2026