Computer Security
[EN] no-pyccku

WD Arkeia Network Backup security vulnerabilities
SecurityVulns ID:13716
Threat Level:
Description:Code execution, directory traversal.
Affected:WD : Arkeia 10.2
CVE:CVE-2014-2846 (Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin.)
Original documentdocumentSEC Consult Vulnerability Lab, SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances (04.05.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod