Chilkat Software : Security Vulnerabilities, CVEs, (Directory traversal)
Directory traversal vulnerability in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the operation parameter to the default URI under install/.
Max CVSS
7.5
EPSS Score
0.76%
Published
2008-04-30
Updated
2018-10-11
PHP remote file inclusion vulnerability in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter to the default URI under install/. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences.
Max CVSS
7.5
EPSS Score
0.76%
Published
2008-04-30
Updated
2018-10-11
Absolute path traversal vulnerability in a certain ActiveX control in CkString.dll 1.1 and earlier in CHILKAT ASP String allows remote attackers to create or overwrite arbitrary files via a full pathname in the first argument to the SaveToFile method, a different vulnerability than CVE-2007-3633.
Max CVSS
4.3
EPSS Score
1.70%
Published
2007-08-08
Updated
2017-09-29
Absolute path traversal vulnerability in the Chilkat Software Chilkat Zip ActiveX control in ChilkatZip2.dll 12.4.2.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveLastError method and probably the (2) WriteExe method.
Max CVSS
6.4
EPSS Score
1.26%
Published
2007-07-10
Updated
2017-09-29
4 vulnerabilities found