JVN#84335912: File Explorer vulnerable to directory traversal

File Explorer provided by NextApp, Inc. contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has privileg...

NextApp Echo XML解析本地文件泄露漏洞

BUGTRAQ ID: 34060 Echo是用于构建基于Web应用的平台。 Echo引擎没有正确地过滤XML输入，所有发送给Echo框架的XML请求都是由JavaScript创建的并通过POST HTTP请求发送给服务器。以下是典型的请求示例： ---cut here--- client-message xmlns="http://www.nextapp.com/products/echo2/climsg" trans-id="3" focus="c25"message-part xmlns="" processor="EchoPropertyUpdate"property...