[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2007-5320

Date: (C)2007-10-09   (M)2017-07-31 


Multiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to (1) delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX control (PegasusImaging.ActiveX.ThumnailXpress1.dll) or (2) overwrite arbitrary files via the CompactFile function in the ImagXpress.8 ActiveX control (PegasusImaging.ActiveX.ImagXpress8.dll).

CVSS Score: 4.0Access Vector: NETWORK
Exploit Score: 4.9Access Complexity: HIGH
Impact Score: 4.9Authentication: NONE
 Confidentiality: NONE
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
BID-25948
BID-25949
SECUNIA-27095
OSVDB-37959
OSVDB-37960
ADV-2007-3388
http://shinnai.altervista.org/exploits/txt/TXT_3DQ1nIkI6zmWCek4zP5U.html
http://shinnai.altervista.org/exploits/txt/TXT_wfv7ZG0G6KnQlk1SieLd.html
imagxpress-imagxpress8-file-overwrite(37012)

CWE    1
CWE-22

© 2013 SecPod Technologies