
CVE-2007-4061 – Nessus Vulnerability Scanner 3.0.6 - ActiveX Command Execution
https://notcve.org/view.php?id=CVE-2007-4061
30 Jul 2007 — Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument to the saveNessusRC method, which writes text specified by the addsetConfig method, possibly related to the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll. NOTE: this can be leveraged for code execution by writing to a Startup folder. Vulnerabilidad de salto de directorio en un cierto control ActiveX en Nes... • https://www.exploit-db.com/exploits/4237 •

CVE-2007-4062 – Nessus Vulnerability Scanner 3.0.6 - ActiveX Command Execution
https://notcve.org/view.php?id=CVE-2007-4062
30 Jul 2007 — The SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete arbitrary files via unspecified vectors involving the deleteNessusRC method, probably a directory traversal vulnerability. El control ActiveX SCANCTRL.ScanCtrlCtrl.1 en scan.dll de Nessus Vulnerability Scanner 3.0.6 permite a atacantes remotos borrar archivos de su elección a través de vectores no especificados involucrando el método delteNessusRC, probablemente una vulnerabilidad ... • https://www.exploit-db.com/exploits/4237 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2007-4031 – Nessus Vulnerability Scanner 3.0.6 - ActiveX Command Execution
https://notcve.org/view.php?id=CVE-2007-4031
27 Jul 2007 — Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete arbitrary files via a .. (dot dot) in the argument to the deleteReport method, probably related to the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll. Una vulnerabilidad de salto de directorio en un determinado control ActiveX en Nessus Vulnerability Scanner versión 3.0.6, permite a atacantes remotos eliminar archivos arbitrarios por medio de un .. (punto punto) en el a... • https://www.exploit-db.com/exploits/4237 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •