2 matches found
CVE-2014-3806
Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. dot dot in the xmlpath parameter...
CVE-2014-3806
Summary: CVE-2014-3806 is a directory traversal vulnerability in VMTurbo Operations Manager prior to 4.6. The issue occurs in the CGI path cgi-bin/help/doIt.cgi via the xml_path parameter, where a leading dot-dot (..) can be used to read arbitrary files. The vulnerability is remote and affects th...