CVE-2012-0907

NeoAxis Web Player < 1.4 - Path Traversal and Arbitrary File Write via ZIP Archive Filename

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in the web player in NeoAxis NeoAxis web player 1.4 and earlier allows user-assisted remote attackers to write arbitrary files via a .. (dot dot) in a filename in the neoaxis_web_application_win32.zip ZIP archive.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72427
Third Party Advisory x_refsource_misc
http://aluigi.altervista.org/adv/neoaxis_1-adv.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/78311

Scores

EPSS 0.0148
EPSS Percentile 70.8%

Details

CWE
CWE-22
Status published
Products (4)
neoaxis/neoaxis_web_player 1.1
neoaxis/neoaxis_web_player 1.2
neoaxis/neoaxis_web_player 1.3
neoaxis/neoaxis_web_player < 1.4
Published Jan 20, 2012
Tracked Since Feb 18, 2026