Voyager Security Vulnerabilities

CVE-2020-36070

Insecure Permission vulnerability found in Yoyager v.1.4 and before allows a remote attacker to execute arbitrary code via a crafted .php file to the media...

CVE-2014-125074

A vulnerability was found in Nayshlok Voyager. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Voyager/src/models/DatabaseAccess.java. The manipulation leads to sql injection. The identifier of the patch is...

CVE-2019-17050

An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin privileges and Compass access can read or delete arbitrary files, such as the .env file. NOTE: a software maintainer has suggested a solution in which Compass is switched off in a production...

CVE-2016-6564

Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binary. This behavior could be described as a rootkit. This binary, which resides as...

CVE-2017-6803

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication of users for requests that (1) change the admin password, (2) terminate the scheduler, or (3)...

CVE-2010-4154

Directory traversal vulnerability in Rhino Software, Inc. FTP Voyager 15.2.0.11, and possibly earlier, allows remote FTP servers to write arbitrary files via a ".." (dot dot backslash) in a...

CVE-2007-1079

Stack-based buffer overflow in Rhino Software, Inc. FTP Voyager 14.0.0.3 and earlier allows remote servers to cause a denial of service (crash) via a long response to a CWD command, which triggers the overflow when the user aborts the...

CVE-2006-3561

BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and earlier, and 3.01m and earlier, allow remote attackers to bypass the authentication process and gain sensitive information, such as configuration information via (1) /btvoyager_getconfig.sh, PPP credentials via (2)...

CVE-2004-0616

The BT Voyager 2000 Wireless ADSL Router has a default public SNMP community name, which allows remote attackers to obtain sensitive information such as the password, which is stored in...

CVE-2001-1103

FTP Voyager ActiveX control before 8.0, when it is marked as safe for scripting (the default) or if allowed by the IObjectSafety interface, allows remote attackers to execute arbitrary...

CVE-2000-0903

Directory traversal vulnerability in Voyager web server 2.01B in the demo disks for QNX 405 allows remote attackers to read arbitrary files via a .. (dot dot)...

CVE-2000-0905

QNX Embedded Resource Manager in Voyager web server 2.01B in the demo disks for QNX 405 allows remote attackers to read sensitive system statistics information via the embedded.html web...

CVE-2000-0904

Voyager web server 2.01B in the demo disks for QNX 405 stores sensitive web client information in the .photon directory in the web document root, which allows remote attackers to obtain that...