Multiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to (1) delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX control (PegasusImaging.ActiveX.ThumnailXpress1.dll) or (2) overwrite arbitrary files via the CompactFile function in the ImagXpress.8 ActiveX control (PegasusImaging.ActiveX.ImagXpress8.dll).
osvdb.org/37959
osvdb.org/37960
secunia.com/advisories/27095
shinnai.altervista.org/exploits/txt/TXT_3DQ1nIkI6zmWCek4zP5U.html
shinnai.altervista.org/exploits/txt/TXT_wfv7ZG0G6KnQlk1SieLd.html
www.securityfocus.com/bid/25948
www.securityfocus.com/bid/25949
www.vupen.com/english/advisories/2007/3388
exchange.xforce.ibmcloud.com/vulnerabilities/37012