ALT-PU-2014-1328-1
Closed vulnerabilities
Published: 2013-10-12
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2013-4173
Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a .. (dot dot) in the host name in a "drophost" command.
Severity: MEDIUM (5.0)
References:
- http://sourceforge.net/projects/xymon/files/Xymon/4.3.12/
- http://sourceforge.net/projects/xymon/files/Xymon/4.3.12/
- MDVSA-2013:213
- MDVSA-2013:213
- [oss-security] 20130727 Re: CVE Request: Xymon Systems and Network Monitor - remote file deletion vulnerability
- [oss-security] 20130727 Re: CVE Request: Xymon Systems and Network Monitor - remote file deletion vulnerability