CVE-2007-5815 – SonicWALL SSL VPN 1.3 3 WebCacheCleaner - ActiveX FileDelete Method Traversal Arbitrary File Deletion

https://notcve.org/view.php?id=CVE-2007-5815

Absolute path traversal vulnerability in the WebCacheCleaner ActiveX control 1.3.0.3 in SonicWall SSL-VPN 200 before 2.1, and SSL-VPN 2000/4000 before 2.5, allows remote attackers to delete arbitrary files via a full pathname in the argument to the FileDelete method. Vulnerabilidad de salto de directorio absoluto en el control ActiveX WebCacheCleaner .13.0.3 de SonicWall SSL-VPN 200 anterior a 2.1, y SSL-VPN 2000/4000 anterior a 2.5, permite a atacantes remotos borrar archivos de su elección mediante un nombre de ruta completo en el argumento del método FileDelete. • https://www.exploit-db.com/exploits/30730 http://secunia.com/advisories/27469 http://securityreason.com/securityalert/3342 http://www.sec-consult.com/303.html http://www.sec-consult.com/fileadmin/Advisories/20071101-0_sonicwall_multiple.txt http://www.securityfocus.com/archive/1/483097/100/0/threaded http://www.securityfocus.com/bid/26288 http://www.vupen.com/english/advisories/2007/3696 https://exchange.xforce.ibmcloud.com/vulnerabilities/38221 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •