CVE-2007-5320

Pegasus Imaging Imagxpress - Path Traversal

Title source: rule

Description

Multiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to (1) delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX control (PegasusImaging.ActiveX.ThumnailXpress1.dll) or (2) overwrite arbitrary files via the CompactFile function in the ImagXpress.8 ActiveX control (PegasusImaging.ActiveX.ImagXpress8.dll).

Exploits (1)

exploitdb WORKING POC VERIFIED

by shinnai · htmlremotewindows

https://www.exploit-db.com/exploits/4488

View Code ZIP pw:eip

References (9)

[Exploit] http://www.securityfocus.com/bid/25948

[Exploit] http://shinnai.altervista.org/exploits/txt/TXT_3DQ1nIkI6zmWCek4zP5U.html

[Exploit] http://shinnai.altervista.org/exploits/txt/TXT_wfv7ZG0G6KnQlk1SieLd.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/37012

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/25949

[Third Party Advisory, VDB Entry] http://osvdb.org/37959

[Vendor Advisory] http://secunia.com/advisories/27095

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/3388

[Third Party Advisory, VDB Entry] http://osvdb.org/37960

Scores

EPSS 0.0570

EPSS Percentile 90.4%

Details

CWE

CWE-22

Status published

Products (1)

pegasus_imaging/imagxpress 8.0

Published Oct 09, 2007

Tracked Since Feb 18, 2026