3 matches found
CVE-2015-4670
Directory traversal vulnerability in the AjaxFileUpload control in DevExpress AJAX Control Toolkit aka AjaxControlToolkit before 15.1 allows remote attackers to write to arbitrary files via a .. dot dot in the fileId parameter to AjaxFileUploadHandler.axd...
CVE-2015-4670
CVE-2015-4670 affects the AjaxFileUpload control in the AjaxControlToolkit (Ajax Control Toolkit) before 15.1. The issue: the uploaded file’s fileId GUID is not validated, allowing directory traversal with “..” to write files to arbitrary locations via AjaxFileUploadHandler.axd. Veracode and rela...
CVE-2015-4670 - AjaxControlToolkit File Upload Directory Traversal
The AjaxControlToolkit prior to version 15.1 has a file upload directory traversal vulnerability which on a poorly configured web server can lead to remote code execution. The issue affects any application using the AjaxFileUpload control. The vulnerability arises because the...