3 matches found
CVE-2020-35284
Flamingo aka FlamingoIM through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation occurs on the client side, and the computation details can be easily determined because the product'...
CVE-2020-35284
CVE-2020-35284 affects Flamingo (aka FlamingoIM). The vulnerability allows directory traversal (via ../) in file-transfer requests; the issue arises because the only ostensibly unpredictable part is an MD5 computation that runs on the client side, and the computation details can be inferred from ...
CVE-2020-35284
Flamingo aka FlamingoIM through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation occurs on the client side, and the computation details can be easily determined because the product'...