Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0907

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2012-0907
Last Modified 23 Jan 2012 12:00:00
Published 20 Jan 2012 12:55:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-0907

Summary

Directory traversal vulnerability in the web player in NeoAxis NeoAxis web player 1.4 and earlier allows user-assisted remote attackers to write arbitrary files via a .. (dot dot) in a filename in the neoaxis_web_application_win32.zip ZIP archive.

Vulnerable Systems

Application

  • Neoaxis Web Player 1.1

  • Neoaxis Web Player 1.2

  • Neoaxis Web Player 1.3

  • Neoaxis Web Player 1.4


References

XF - neoaxis-neoaxis-directory-traversal(72427)

OSVDB - 78311

MISC - http://aluigi.altervista.org/adv/neoaxis_1-adv.txt


Last Updated: 27 May 2016 10:57:22