CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2012-0907

Directory traversal vulnerability in the web player in NeoAxis NeoAxis web player 1.4 and earlier allows user-assisted remote attackers to write arbitrary files via a .. (dot dot) in a filename in the neoaxis_web_application_win32.zip ZIP archive.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 47.6%

CVSS Severity

CVSS v2 Score 5.8

References

http://aluigi.altervista.org/adv/neoaxis_1-adv.txt
http://osvdb.org/78311
https://exchange.xforce.ibmcloud.com/vulnerabilities/72427
http://aluigi.altervista.org/adv/neoaxis_1-adv.txt
http://osvdb.org/78311
https://exchange.xforce.ibmcloud.com/vulnerabilities/72427

Products affected by CVE-2012-0907

Neoaxis » Neoaxis Web Player » Version: Any

cpe:2.3:a:neoaxis:neoaxis_web_player:*
Neoaxis » Neoaxis Web Player » Version: 1.1

cpe:2.3:a:neoaxis:neoaxis_web_player:1.1
Neoaxis » Neoaxis Web Player » Version: 1.2

cpe:2.3:a:neoaxis:neoaxis_web_player:1.2
Neoaxis » Neoaxis Web Player » Version: 1.3

cpe:2.3:a:neoaxis:neoaxis_web_player:1.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-0907

Products

Pricing

Contact Us