2 matches found
CVE-2020-11707
An issue was discovered in ProVide formerly zFTPServer through 13.1. It doesn't enforce permission over Windows Symlinks or Junctions. As a result, a low-privileged user non-admin can craft a Junction Link in a directory he has full control of, breaking out of the sandbox...
CVE-2020-11707
CVE-2020-11707 affects ProVide (formerly zFTPServer) up to version 13.1. The issue is that Windows Symlinks/Junctions permissions are not enforced, allowing a low-privilege user who has directory control to craft a Junction Link and break out of the sandbox. Exploitation details and impact are de...