CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 2CVE-2008-2015 – Watchfire Appscan 7.0 - ActiveX Multiple Insecure Methods
https://notcve.org/view.php?id=CVE-2008-2015
30 Apr 2008 — Multiple absolute path traversal vulnerabilities in certain ActiveX controls in WatchFire AppScan 7.0 allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) CompactSave and (2) SaveSession method in one control, and the (3) saveRecordedExploreToFile method in a different control. NOTE: this can be leveraged for code execution by writing to a Startup folder. Múltiples vulnerabilidades de salto de ruta absoluta en determinados controles ActiveX en WatchFir... • https://www.exploit-db.com/exploits/5496 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 3CVE-2005-4270 – Watchfire AppScan QA 5.0.x - Remote Code Execution
https://notcve.org/view.php?id=CVE-2005-4270
15 Dec 2005 — Buffer overflow in Watchfire AppScan QA 5.0.609 and 5.0.134 allows remote web servers to execute arbitrary code via an HTTP 401 response with a WWW-Authenticate header containing a long Realm field. Desbordamiento de búfer en Wathfire AppScan QA 5.0.609 y 5.0.134 permite a servidores web remotos ejecutar código de su elección mediante una respuesta HTTP 401 con una cabecera WWW-Authenthicate conteniendo un campo Realm largo. • https://www.exploit-db.com/exploits/1374 •