30 matches found
CVE-2008-2702
Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. dot dot in a response to a LIST command, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by...
CVE-2008-2702
CVE-2008-2702 affects the FTP client in ESTsoft ALTools ALFTP (4.1 beta 2 and 5.0). The vulnerability is a directory traversal via .. in a LIST response, allowing a remote FTP server to create or overwrite arbitrary files on the affected system. The note explicitly mentions potential for code exe...
ALFTP客户端LIST命令目录遍历漏洞
BUGTRAQ ID: 29585 ALFTP是ESTsoft开发的一款免费的FTP客户端。 ALFTP客户端没有正确地过滤FTP服务器在LIST命令响应中所返回的包含有目录遍历序列(斜线和反斜线)的文件名,如果用户受骗从恶意的FTP服务器下载了目录的话,就可能导致向用户系统中的任意位置写入文件。 ESTsoft ALFTP 5.0 ESTsoft ALFTP 4.1 beta 2 ESTsoft ------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.altools.com/ALTools/ALFTP.asp...
ALFTP FTP Client 4.15.0 - LIST Directory Traversal
ALFTP FTP Client 4.15.0 - LIST Directory Traversal source: https://www.securityfocus.com/bid/29585/info ALFTP is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the FTP client. Exploiting this issue will...
ALFTP FTP Client 4.1/5.0 - 'LIST' Directory Traversal
source: https://www.securityfocus.com/bid/29585/info ALFTP is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the FTP client. Exploiting this issue will allow an attacker to write arbitrary files to...
CVE-2006-5950
Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote authenticated users to obtain the installation path via unknown vectors related to the REN command, probably due to response messages. NOTE: the provenance of this information is unknown; details...
CVE-2006-5949
Directory traversal vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote attackers to create arbitrary directories via directory traversal sequences in a MKD request. NOTE: the provenance of this information is unknown; details are obtained from third party...
CVE-2006-5949
CVE-2006-5949 describes a directory traversal vulnerability in ALTools ALFTP FTP Server 4.1 beta 1 (and possibly earlier) . The issue allows remote attackers to exploit MKD requests to create arbitrary directories via directory traversal sequences. The description notes the vulnerability details ...
CVE-2006-5950
The CVE concerns ALTools ALFTP FTP Server 4.1 beta 1 (and possibly earlier). The vulnerability allows remote authenticated users to obtain the installation path via unknown vectors related to the REN command, likely due to response messages. Impact is noted as Partial confidentiality; no exploits...
CVE-2006-5950
Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote authenticated users to obtain the installation path via unknown vectors related to the REN command, probably due to response messages. NOTE: the provenance of this information is unknown; details...