ID CVE-2002-0558
Summary Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and earlier allows a remote authenticated user (possibly anonymous) to list arbitrary directories via a .. in a LIST (ls) command ending in wildcard *.* characters.
References
Vulnerable Configurations
  • TYPSoft TYPSoft FTP Server 0.85
    cpe:2.3:a:typsoft:typsoft_ftp_server:0.85
  • TYPSoft TYPSoft FTP Server 0.93
    cpe:2.3:a:typsoft:typsoft_ftp_server:0.93
  • TYPSoft TYPSoft FTP Server 0.95
    cpe:2.3:a:typsoft:typsoft_ftp_server:0.95
  • TYPSoft TYPSoft FTP Server 0.96
    cpe:2.3:a:typsoft:typsoft_ftp_server:0.96
  • TYPSoft TYPSoft FTP Server 0.97
    cpe:2.3:a:typsoft:typsoft_ftp_server:0.97
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
NASL family FTP
NASL id TYPSOFTFTP_DIR_TRAVERSAL.NASL
description Using 'cd ...', it is possible to move from the FTP server root directory and access any file on the remote machine.
last seen 2019-02-21
modified 2018-08-01
plugin id 14706
published 2004-09-13
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=14706
title TYPSoft FTP Server LIST Command Traversal Arbitrary Directory Listing
refmap via4
bid 2489
bugtraq 20020407 Typsoft FTP Server: yet another directory traversal vulnerability
xf typsoft-ftp-directory-traversal(6165)
Last major update 05-09-2008 - 16:28
Published 03-07-2002 - 00:00
Back to Top