2 matches found
CVE-2014-9375
Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a .. dot dot in a file path in a ZIP archive...
CVE-2014-9375
Lexmark Markvision Enterprise’s LibraryFileUploadServlet is vulnerable to a directory-traversal in ZIP processing. A crafted ZIP can write arbitrary files and allow remote code execution. ZDI-15-046 reports that authentication is not required and an attacker could upload files to arbitrary locati...