This host is running Arkeia Appliance and is prone to multiple vulnerabilities.
Successful exploitation will allow remote attackers to perform directory traversal attacks and read arbitrary files on the affected application. arbitrary data. Impact Level: Application
Upgrade to Arkeia Appliance 10.1.10 or later, For updates refer to http://www.arkeia.com/download
Multiple flaws are due, - There are no restrictions when a POST request is send to '/scripts/upload.php' thus allowing any unauthenticated client to upload any data to the /tmp/ApplianceUpdate file. - Input passed via 'lang' parameter to 'Cookie' field in HTTP header is not properly sanitised before being returned to the user.
Arkeia Appliance Version 10.0.10 and prior.
Send the crafted HTTP GET request and check is it possible to read the system file or not.
- AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities
- Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability
- ASP-Dev XM Event Diary Multiple Vulnerabilities
- Apple Safari RSS Feed Information Disclosure Vulnerability
- Awstats Configuration File Remote Arbitrary Command Execution Vulnerability