CVE-2012-0907
NeoAxis Web Player < 1.4 - Path Traversal and Arbitrary File Write via ZIP Archive Filename
Title source: llmDescription
Directory traversal vulnerability in the web player in NeoAxis NeoAxis web player 1.4 and earlier allows user-assisted remote attackers to write arbitrary files via a .. (dot dot) in a filename in the neoaxis_web_application_win32.zip ZIP archive.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72427
Third Party Advisory x_refsource_misc
http://aluigi.altervista.org/adv/neoaxis_1-adv.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/78311
Scores
EPSS
0.0148
EPSS Percentile
70.8%
Details
CWE
CWE-22
Status
published
Products (4)
neoaxis/neoaxis_web_player
1.1
neoaxis/neoaxis_web_player
1.2
neoaxis/neoaxis_web_player
1.3
neoaxis/neoaxis_web_player
< 1.4
Published
Jan 20, 2012
Tracked Since
Feb 18, 2026