[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97559

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2007-4842

Date: (C)2007-09-12   (M)2017-07-31
 
CVSS Score: 9.3Access Vector: NETWORK
Exploitability Subscore: 8.6Access Complexity: MEDIUM
Impact Subscore: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE











Directory traversal vulnerability in Enriva Development Magellan Explorer 3.32 build 2305 and earlier allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a filename. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Reference:
SECTRACK-1018661
http://www.securityfocus.com/archive/1/archive/1/478755/100/0/threaded
SECUNIA-26737
SREASON-3123
OSVDB-40501
ADV-2007-3103
http://blog.hispasec.com/lab/advisories/adv_MagellanExplorer_3_32_Remote_Traversal.txt
magellan-ftp-directory-traversal(36499)

CWE    1
CWE-22

© 2013 SecPod Technologies