Multiple directory traversal vulnerabilities in the Zidget/HTTP embedded HTTP server in ExtremeZ-IP File and Print Server 5.1.2x15 and previous versions allow remote malicious users to read arbitrary (1) gif, (2) png, (3) jpg, (4) xml, (5) ico, (6) zip, and (7) html files via a "..\" (dot dot backslash) sequence in the filename.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
group logic extremez-ip file server |
||
group logic extremez-ip print server |