[Forgot Password]
Login  Register Subscribe

24003

 
 

131401

 
 

103942

 
 

909

 
 

84044

 
 

133

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2008-5275Date: (C)2008-11-28   (M)2018-02-19


Multiple directory traversal vulnerabilities in the (a) "Unzip archive" and (b) "Upload files and archives" functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, or delete arbitrary files via a .. (dot dot) in a filename within a (1) TAR or (2) ZIP archive. NOTE: this can be leveraged for code execution by creating a .php file.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 7.5
Exploit Score: Exploit Score: 10.0
Impact Score: Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: LOW
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: PARTIAL
Scope: Integrity: PARTIAL
Confidentiality: Availability: PARTIAL
Integrity:  
Availability:  
  
Reference:
BID-29664
SECUNIA-30611
http://vuln.sg/net2ftp096-en.html
net2ftp-requesthandling-code-execution(42994)

CWE    1
CWE-22

© 2013 SecPod Technologies