Lucene search

K

MitreCVELIST:CVE-2008-1117

HistoryMar 14, 2008 - 8:00 p.m.

CVE-2008-1117

2008-03-1420:00:00

mitre

www.cve.org

4

AI Score

7.4

Confidence

Low

EPSS

0.548

Percentile

97.7%

Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote attackers to upload files to arbitrary locations via a destination filename with a \ (backslash) character followed by …/ (dot dot slash) sequences. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4220.

References

aluigi.altervista.org/adv/timbuto-adv.txt

aluigi.org/poc/timbuto.zip

secunia.com/advisories/29316

securityreason.com/securityalert/3741

www.coresecurity.com/?action=item&id=2166

www.securityfocus.com/archive/1/489360/100/0/threaded

www.securityfocus.com/archive/1/489382/100/0/threaded

www.securityfocus.com/archive/1/489414/100/0/threaded

www.securityfocus.com/bid/28081

www.vupen.com/english/advisories/2008/0840

www.exploit-db.com/exploits/4455

www.exploit-db.com/exploits/5238

AI Score

7.4

Confidence

Low

EPSS

0.548

Percentile

97.7%

Related for CVELIST:CVE-2008-1117

cve2 nvd2 prion2 exploitdb4 cvelist1 metasploit1 packetstorm2 seebug2 securityvulns3 nessus1