RSS   Vulnerabilities for 'Arkeia virtual appliance'   RSS

2014-04-28
 
CVE-2014-2846

CWE-22
 

 
Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin.

 

 >>> Vendor: WDC 11 Products
My net n600
My net n750
My net n900
My net n900c
My net firmware
Arkeia virtual appliance
Arkeia virtual appliance firmware
My cloud pr4100 firmware
My cloud firmware
Tv live hub firmware
Tv media player firmware


Copyright 2018, cxsecurity.com

 

Back to Top