Description
GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message.
References (3)
Core 3
Core References
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Nov/87
Various Sources x_refsource_confirm
http://support.gleamtech.com/kb/a10/version-history-of-filevista.aspx
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/129304/FileVista-Path-Leakage-Path-Write-Modification.html
Scores
EPSS
0.0183
EPSS Percentile
76.3%
Details
CWE
CWE-200
Status
published
Products (6)
gleamtech/filevista
6.0
gleamtech/filevista
6.0.5
gleamtech/filevista
6.0.6
gleamtech/filevista
6.0.7
gleamtech/filevista
6.0.8
gleamtech/filevista
< 6.0.9
Published
Dec 02, 2014
Tracked Since
Feb 18, 2026