CVE-2007-0888

2007-02-12T23:28:00
ID CVE-2007-0888
Type cve
Reporter cve@mitre.org
Modified 2018-10-16T16:35:00

Description

Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command. This vulnerability is addressed in the following product update: Kiwi Enterprises, Kiwi CatTools, 3.2.0 Beta