4
CVE-2007-5320
- EPSS 6.51%
- Veröffentlicht 09.10.2007 22:17:00
- Zuletzt bearbeitet 16.06.2026 22:45:52
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginMultiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to (1) delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX control (PegasusImaging.ActiveX.ThumnailXpress1.dll) or (2) overwrite arbitrary files via the CompactFile function in the ImagXpress.8 ActiveX control (PegasusImaging.ActiveX.ImagXpress8.dll).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Pegasus Imaging ≫ Imagxpress Version8.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.51% | 0.929 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4 | 4.9 | 4.9 |
AV:N/AC:H/Au:N/C:N/I:P/A:P
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
http://osvdb.org/37959
http://osvdb.org/37960
http://secunia.com/advisories/27095
http://shinnai.altervista.org/exploits/txt/TXT_3DQ1nIkI6zmWCek4zP5U.html
http://shinnai.altervista.org/exploits/txt/TXT_wfv7ZG0G6KnQlk1SieLd.html
http://www.securityfocus.com/bid/25948
http://www.securityfocus.com/bid/25949
http://www.vupen.com/english/advisories/2007/3388
https://exchange.xforce.ibmcloud.com/vulnerabilities/37012