Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) BadBlue Enterprise Edition 1.5.x and BadBlue Personal Edition 1.5.6 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in the script used to read Microsoft Office documents.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Working Resources BadBlue目录遍历漏洞
Vulnerability Description
Working Resources BadBlue是一个用来共享资源的Web服务器,运行于Windows平台,它的文件共享功能是通过一个叫"ext.dll"文件来实现的。 BadBlue实现上存在漏洞,远程攻击者可以读取主机上的任意文件和目录。 虽然Web服务器本身会检测直接的HTTP请求中"../"的目录遍历攻击,但它并不检查发往其用于读取Microsoft Office文件的脚本程序的参数中是否包含这类字串,因此使利用脚本遍历主机上的目录和文件成为可能。
CVSS Information
N/A
Vulnerability Type
N/A