Lucene search
High-Tech BridgeHTB22628HistorySep 27, 2010 - 12:00 a.m.
Directory Traversal Vulnerability in FreshFTP
2010-09-2700:00:00
High-Tech Bridge
www.htbridge.com
18
0.005 Low
EPSS
Percentile
77.4%
High-Tech Bridge SA Security Research Lab has discovered vulnerability in FreshFTP which could be exploited to execute arbitrary code on vulnerable system.
- Directory Traversal Vulnerability in FreshFTP: CVE-2010-4149
The vulnerability exists due to insufficient sanitation of the downloaded filename. A remote attacker controlling an FTP server can trick user into downloading file with specially crafted filename, containing directory traversal sequences (e.g. “…\…\…\…\…\…\…\somefile.exe”) and write it into arbitrary locations on the target system. Successful exploitation might allow remote code execution but requires that victim uses FreshFTP to connect to the FTP server and download a malicious file.
Related
openvas
openvas
FreshWebMaster Fresh FTP Filename Directory Traversal Vulnerability
2010-11-04 00:00:00
FreshWebMaster Fresh FTP Filename Directory Traversal Vulnerability
2010-11-04 00:00:00
nvd
nvd
CVE-2010-4149
2010-11-02 02:26:23
cve
cve
CVE-2010-4149
2010-11-02 02:26:23
cvelist
cvelist
CVE-2010-4149
2010-11-01 23:00:00
prion
prion
Directory traversal
2010-11-02 02:26:00