Описание
Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete arbitrary files via a .. (dot dot) in the argument to the deleteReport method, probably related to the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll.
Комментарий
Per http://secunia.com/advisories/26243/, update to version 3.0.6.1 found at: http://www.nessus.org/download/
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:nessus:vulnerability_scanner:3.0.6:*:*:*:*:*:*:*
EPSS
Процентиль: 92%
0.07516
Низкий
7.8 High
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
почти 4 года назад
Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete arbitrary files via a .. (dot dot) in the argument to the deleteReport method, probably related to the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll.
EPSS
Процентиль: 92%
0.07516
Низкий
7.8 High
CVSS2
Дефекты
CWE-22