RSS   Vulnerabilities for 'Nweb2fax'   RSS

2009-04-08
 
CVE-2008-6669

 

 
viewrq.php in nweb2fax 0.2.7 and earlier allows remote attackers to execute arbitrary code via shell metacharacters in the var_filename parameter in a (1) tif or (2) pdf format action.

 
 
CVE-2008-6668

 

 
Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) id parameter to comm.php and (2) var_filename parameter to viewrq.php.

 


Copyright 2019, cxsecurity.com

 

Back to Top