CVE-2018-25252 FTP Voyager 16.2.0 Denial of Service via Malformed Site Profile

FTP Voyager 16.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by injecting oversized buffer data into the site profile IP field. Attackers can create a malicious site profile containing 500 bytes of repeated characters and paste it into the IP...

CVE-2020-37214

Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive system files by manipulating the asset path parameter. Attackers can exploit the path parameter in /admin/voyager-assets to read arbitrary files like /etc/passwd and .env configuration files...

CVE-2020-37214

CVE-2020-37214 affects Voyager 1.3.0 and is a directory traversal vulnerability in the asset path parameter used by the /admin/voyager-assets endpoint, allowing an attacker to read arbitrary files such as /etc/passwd and .env. The provided metrics show a high impact with both CVSS 3.1 (base score...

GHSA-2X3R-7JGM-GH8X Remote code execution in Voyager

Insecure Permission vulnerability found in Voyager v.1.4 and before allows a remote attacker to execute arbitrary code via a crafted .php file to the media component...