Lucene search

[email protected]CVE-2010-4153

HistoryNov 03, 2010 - 8:00 p.m.

CVE-2010-4153

2010-11-0320:00:03

CWE-22

[email protected]

web.nvd.nist.gov

cve

directory traversal

crossftp pro

nvd

security vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.9%

JSON

Directory traversal vulnerability in CrossFTP Pro 1.65a, and probably earlier, allows remote FTP servers to write arbitrary files via a "…" (dot dot backslash) in a filename.

Affected configurations

NVD

Node

crossftpcrossftp_proRange≤1.65a

crossftpcrossftp_proMatch1.14

crossftpcrossftp_proMatch1.15

crossftpcrossftp_proMatch1.16

crossftpcrossftp_proMatch1.17

crossftpcrossftp_proMatch1.18

crossftpcrossftp_proMatch1.19

crossftpcrossftp_proMatch1.20

crossftpcrossftp_proMatch1.21

crossftpcrossftp_proMatch1.22

crossftpcrossftp_proMatch1.23

crossftpcrossftp_proMatch1.24

crossftpcrossftp_proMatch1.25

crossftpcrossftp_proMatch1.26

crossftpcrossftp_proMatch1.27

crossftpcrossftp_proMatch1.28

crossftpcrossftp_proMatch1.29

crossftpcrossftp_proMatch1.30

crossftpcrossftp_proMatch1.31

crossftpcrossftp_proMatch1.32

crossftpcrossftp_proMatch1.33

crossftpcrossftp_proMatch1.34

crossftpcrossftp_proMatch1.35

crossftpcrossftp_proMatch1.36

crossftpcrossftp_proMatch1.37

crossftpcrossftp_proMatch1.38

crossftpcrossftp_proMatch1.39

crossftpcrossftp_proMatch1.40

crossftpcrossftp_proMatch1.41

crossftpcrossftp_proMatch1.42

crossftpcrossftp_proMatch1.50

crossftpcrossftp_proMatch1.51

crossftpcrossftp_proMatch1.52

crossftpcrossftp_proMatch1.53

CPENameOperatorVersion
crossftp:crossftp_procrossftp crossftp prole1.65a
crossftp:crossftp_procrossftp crossftp proeq1.14
crossftp:crossftp_procrossftp crossftp proeq1.15
crossftp:crossftp_procrossftp crossftp proeq1.16
crossftp:crossftp_procrossftp crossftp proeq1.17
crossftp:crossftp_procrossftp crossftp proeq1.18
crossftp:crossftp_procrossftp crossftp proeq1.19
crossftp:crossftp_procrossftp crossftp proeq1.20
crossftp:crossftp_procrossftp crossftp proeq1.21
crossftp:crossftp_procrossftp crossftp proeq1.22

CPE	Name	Operator	Version
crossftp:crossftp_pro	crossftp crossftp pro	le	1.65a
crossftp:crossftp_pro	crossftp crossftp pro	eq	1.14
crossftp:crossftp_pro	crossftp crossftp pro	eq	1.15
crossftp:crossftp_pro	crossftp crossftp pro	eq	1.16
crossftp:crossftp_pro	crossftp crossftp pro	eq	1.17
crossftp:crossftp_pro	crossftp crossftp pro	eq	1.18
crossftp:crossftp_pro	crossftp crossftp pro	eq	1.19
crossftp:crossftp_pro	crossftp crossftp pro	eq	1.20
crossftp:crossftp_pro	crossftp crossftp pro	eq	1.21
crossftp:crossftp_pro	crossftp crossftp pro	eq	1.22

Rows per page:

1-10 of 341

References

secunia.com/advisories/41852

www.htbridge.ch/advisory/directory_traversal_vulnerability_in_crossftp_pro.html

www.osvdb.org/68700

www.securityfocus.com/bid/44070

exchange.xforce.ibmcloud.com/vulnerabilities/62549

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.9%

JSON

Related for CVE-2010-4153

htbridge1 prion1 cvelist1 nvd1