Lucene search
K

30 matches found

Cvelist
Cvelist
added 2008/06/13 7:19 p.m.20 views

CVE-2008-2702

Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. dot dot in a response to a LIST command, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by...

7AI score0.107EPSS
Exploits1References5
CVE
CVE
added 2008/06/13 7:19 p.m.56 views

CVE-2008-2702

CVE-2008-2702 affects the FTP client in ESTsoft ALTools ALFTP (4.1 beta 2 and 5.0). The vulnerability is a directory traversal via .. in a LIST response, allowing a remote FTP server to create or overwrite arbitrary files on the affected system. The note explicitly mentions potential for code exe...

9.3CVSS7AI score0.107EPSS
Exploits1References5Affected Software1
seebug.org
seebug.org
added 2008/06/11 12:0 a.m.30 views

ALFTP客户端LIST命令目录遍历漏洞

BUGTRAQ ID: 29585 ALFTP是ESTsoft开发的一款免费的FTP客户端。 ALFTP客户端没有正确地过滤FTP服务器在LIST命令响应中所返回的包含有目录遍历序列(斜线和反斜线)的文件名,如果用户受骗从恶意的FTP服务器下载了目录的话,就可能导致向用户系统中的任意位置写入文件。 ESTsoft ALFTP 5.0 ESTsoft ALFTP 4.1 beta 2 ESTsoft ------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.altools.com/ALTools/ALFTP.asp...

6.9AI score
Exploits0
exploitpack
exploitpack
added 2008/06/06 12:0 a.m.13 views

ALFTP FTP Client 4.15.0 - LIST Directory Traversal

ALFTP FTP Client 4.15.0 - LIST Directory Traversal source: https://www.securityfocus.com/bid/29585/info ALFTP is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the FTP client. Exploiting this issue will...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2008/06/06 12:0 a.m.23 views

ALFTP FTP Client 4.1/5.0 - 'LIST' Directory Traversal

source: https://www.securityfocus.com/bid/29585/info ALFTP is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the FTP client. Exploiting this issue will allow an attacker to write arbitrary files to...

7.4AI score
Exploits0
NVD
NVD
added 2006/11/17 12:7 a.m.13 views

CVE-2006-5950

Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote authenticated users to obtain the installation path via unknown vectors related to the REN command, probably due to response messages. NOTE: the provenance of this information is unknown; details...

5CVSS6AI score0.01291EPSS
Exploits0References4
NVD
NVD
added 2006/11/17 12:7 a.m.12 views

CVE-2006-5949

Directory traversal vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote attackers to create arbitrary directories via directory traversal sequences in a MKD request. NOTE: the provenance of this information is unknown; details are obtained from third party...

5CVSS6.7AI score0.01623EPSS
Exploits0References4
CVE
CVE
added 2006/11/17 12:0 a.m.43 views

CVE-2006-5949

CVE-2006-5949 describes a directory traversal vulnerability in ALTools ALFTP FTP Server 4.1 beta 1 (and possibly earlier) . The issue allows remote attackers to exploit MKD requests to create arbitrary directories via directory traversal sequences. The description notes the vulnerability details ...

5CVSS7AI score0.01623EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2006/11/17 12:0 a.m.545 views

CVE-2006-5950

The CVE concerns ALTools ALFTP FTP Server 4.1 beta 1 (and possibly earlier). The vulnerability allows remote authenticated users to obtain the installation path via unknown vectors related to the REN command, likely due to response messages. Impact is noted as Partial confidentiality; no exploits...

5CVSS6.3AI score0.01291EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2006/11/17 12:0 a.m.24 views

CVE-2006-5950

Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote authenticated users to obtain the installation path via unknown vectors related to the REN command, probably due to response messages. NOTE: the provenance of this information is unknown; details...

6AI score0.01291EPSS
Exploits0References4
Rows per page
Query Builder