Lucene search

MitreCVE-2007-4842

HistorySep 12, 2007 - 8:17 p.m.

CVE-2007-4842

2007-09-1220:17:00

CWE-22

mitre

web.nvd.nist.gov

cve-2007-4842

vulnerability

enriva development magellan explorer

directory traversal

remote ftp servers

arbitrary files

code execution

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

High

EPSS

0.011

Percentile

84.5%

JSON

Directory traversal vulnerability in Enriva Development Magellan Explorer 3.32 build 2305 and earlier allows remote FTP servers to create or overwrite arbitrary files via a … (dot dot) in a filename. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Affected configurations

Nvd

Node

enriva_developmentmagellan_explorerRange≤3.32_build2305

VendorProductVersionCPE
enriva_developmentmagellan_explorer*cpe:2.3:a:enriva_development:magellan_explorer:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
enriva_development	magellan_explorer	*	cpe:2.3:a:enriva_development:magellan_explorer::::::::

References

blog.hispasec.com/lab/advisories/adv_MagellanExplorer_3_32_Remote_Traversal.txt

osvdb.org/40501

secunia.com/advisories/26737

securityreason.com/securityalert/3123

www.securityfocus.com/archive/1/478755/100/0/threaded

www.securitytracker.com/id?1018661

www.vupen.com/english/advisories/2007/3103

exchange.xforce.ibmcloud.com/vulnerabilities/36499

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

High

EPSS

0.011

Percentile

84.5%

JSON

Related for CVE-2007-4842