Directory traversal vulnerability in FileZen V3.0.0 to V4.2.1 allows remote attackers to upload an arbitrary file in the specific directory in FileZen via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| soliton | filezen | * |
FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| soliton | filezen | * |
Directory traversal vulnerability in FileZen versions from V3.0.0 to V4.2.2 allows remote attackers to upload an arbitrary file in a specific directory via unspecified vectors. As a result, an arbitrary OS command may be executed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| soliton | filezen | * |
FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| soliton | filezen | * |
"FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. Affected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure χ versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by FFRI yarai version 1.4.1, EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0), and EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0).
Products Affected
| Vendor | Product | Version |
|---|---|---|
| soliton | zerona_plus | * |
| skygroup | edr_plus_pack | 3.5.0 |
| nec | actsecure_x_managed_security_service | * |
| skygroup | edr_plus_pack | * |
| soliton | infotrace_mark_ii_malware_protection | * |
| skygroup | edr_plus_pack_cloud | * |
| ffri | ffri_yarai | * |
| soliton | zerona | * |
| ffri | ffri_yarai | 3.5.0 |
| skygroup | edr_plus_pack_cloud | 3.5.0 |
| ffri | dual_safe | 1.4.1 |
| ffri | ffri_yarai | 1.4.0 |
| nec | actsecure_x_managed_security_service | 3.5.0 |
FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| soliton | filezen | * |
The installers for multiple products provided by Soliton Systems K.K. contain an issue with incorrect default permissions, which may allow arbitrary code to be executed with SYSTEM privileges.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| soliton | securebrowser_for_onegate | 1.0.0 |
| soliton | securebrowser_ii | * |
| soliton | secureworkspace | * |