Vulnerabilities (CVE)

Filtered by vendor Xangati Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-0359 1 Xangati 2 Xangati Software Release, Xangati Xnr 2024-02-28 9.0 HIGH N/A
Xangati XSR before 11 and XNR before 7 allows remote attackers to execute arbitrary commands via shell metacharacters in a gui_input_test.pl params parameter to servlet/Installer.
CVE-2014-0358 1 Xangati 2 Xangati Software Release, Xangati Xnr 2024-02-28 7.8 HIGH N/A
Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the file parameter in a getUpgradeStatus action to servlet/MGConfigData, (2) the download parameter in a download action to servlet/MGConfigData, (3) the download parameter in a port_svc action to servlet/MGConfigData, (4) the file parameter in a getfile action to servlet/Installer, or (5) the binfile parameter to servlet/MGConfigData.