3 matches found
Emerson Network Power Avocent MergePoint Unity KVM Switch < 1.14 / 1.18 download.php filename Parameter Directory Traversal
The remote host is an Emerson Network Power Avocent MergePoint Unity KVM Switch with a firmware version prior to 1.14 or 1.18. It is, therefore, affected by a directory traversal vulnerability due to a failure to sanitize user-supplied input to the 'filename' parameter of the 'download.php' scrip...
CVE-2013-6030
CVE-2013-6030 affects the Emerson Network Power Avocent MergePoint Unity 2016 KVM Switch (MPU2016). A directory traversal vulnerability exists in the download.php handler due to insufficient sanitization of the filename parameter, enabling reading of arbitrary files (e.g., “/etc/passwd”). Affecte...
Emerson Network Power Avocent MergePoint Unity 2016 KVM and possibly other model switches contain a directory traversal vulnerability
Overview Emerson Network Power Avocent MergePoint Unity 2016 KVM and possibly other model switches running firmware version 1.9.16473 and possibly previous versions contain a directory traversal vulnerability CWE-23. Description CWE-23: Relative Path Traversal Emerson Network Power Avocent...