4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:P/A:P
7 High
AI Score
Confidence
Low
0.83 High
EPSS
Percentile
98.5%
Multiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to (1) delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX control (PegasusImaging.ActiveX.ThumnailXpress1.dll) or (2) overwrite arbitrary files via the CompactFile function in the ImagXpress.8 ActiveX control (PegasusImaging.ActiveX.ImagXpress8.dll).
osvdb.org/37959
osvdb.org/37960
secunia.com/advisories/27095
shinnai.altervista.org/exploits/txt/TXT_3DQ1nIkI6zmWCek4zP5U.html
shinnai.altervista.org/exploits/txt/TXT_wfv7ZG0G6KnQlk1SieLd.html
www.securityfocus.com/bid/25948
www.securityfocus.com/bid/25949
www.vupen.com/english/advisories/2007/3388
exchange.xforce.ibmcloud.com/vulnerabilities/37012