VulnCheck KEV: CVE-2012-4940

Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. dot dot in 1 the fileName parameter in a download action to source/loggin/pagelogdwnfile.hsp, or the fileName...

Axigen Arbitrary File Read And Delete

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Axigen Arbitrary File Read and Delete', 'Description' = %q This module exploits a directory traversal vulnerability in the WebAdmin interface of...

Axigen Arbitrary File Read and Delete

This module exploits a directory traversal vulnerability in the WebAdmin interface of Axigen, which allows an authenticated user to read and delete arbitrary files with SYSTEM privileges. The vulnerability is known to work on Windows platforms. This module has been tested successfully on Axigen...

CVE-2012-4940

CVE-2012-4940 describes directory traversal vulnerabilities in Axigen Mail Server’s View Log Files component, allowing unauthenticated (per CERT entry) or authenticated users to read or delete arbitrary files via dot-dot sequences in the fileName parameter (download, edit, or delete actions) to t...

CVE-2012-4940

creationtimestamp| type| source ---|---|--- 2012-10-31 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/37996 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/axigenfileaccess.rb 2025-02-06 03:13:40+00:00| seen|...