← Back

Xangati Xnr

xangati_xnr

Vendor: Xangati • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2014-0359
1Xangati
2Xangati Software Release
Xangati Xnr
May 6, 2026
Apr 15, 2014
N/A· v4
N/A· v3
9.0 HIGH· v2
Xangati XSR before 11 and XNR before 7 allows remote attackers to execute arbitrary commands via shell metacharacters in a gui_input_test.pl params parameter to servlet/Installer.
CVE-2014-0358
1Xangati
2Xangati Software Release
Xangati Xnr
May 6, 2026
Apr 15, 2014
N/A· v4
N/A· v3
7.8 HIGH· v2
Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the file parameter in a getUpgradeStatus action to servlet/M...Show more
Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the file parameter in a getUpgradeStatus action to servlet/MGConfigData, (2) the download parameter in a download action to servlet/MGConfigData, (3) the download parameter in a port_svc action to servlet/MGConfigData, (4) the file parameter in a getfile action to servlet/Installer, or (5) the binfile parameter to servlet/MGConfigData.Show less