Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the file parameter in a getUpgradeStatus action to servlet/MGConfigData, (2) the download parameter in a download action to servlet/MGConfigData, (3) the download parameter in a port_svc action to servlet/MGConfigData, (4) the file parameter in a getfile action to servlet/Installer, or (5) the binfile parameter to servlet/MGConfigData.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Xangati XSR和XNR 目录遍历漏洞
Vulnerability Description
Xangati XSR和XNR都是美国Xangati公司的虚拟化工作负载性能管理软件。该软件通过仪表盘的健康指数、警报和DVR录像来显示虚拟化工作负载。 Xangati XSR 11之前的版本和XNR 7之前的版本中存在目录遍历漏洞,该漏洞源于当执行getUpgradeStatus操作时,servlet/MGConfigData页面没有充分过滤‘file’参数;当执行download操作时,servlet/MGConfigData页面没有充分过滤‘download’参数;当执行port_svc操作时,se
CVSS Information
N/A
Vulnerability Type
N/A