PlatinumFTPServer 1.0.6 - Arbitrary File Deletion



EKU-ID: 27603
Author: Dennis Rand
Published: 2002-12-30
Verified: Verified


source: https://www.securityfocus.com/bid/6493/info

It has been reported that PlatinumFTPserver fails to properly sanitize some FTP commands. By sending a malicious request to the vulnerable server, using directory traversal sequences, it is possible for a remote attacker to delete sensitive resources located outside of the FTP root.

Deleting arbitrary files may render the system unusable. Other scenarios are also possible.

delete ..\..\..\..\boot.ini
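
The server-side check whose absence the advisory describes, sketched as an added example (not code from the advisory or from the vendor): it confines a client-supplied path argument to the FTP root before any file operation. The function names and the C:\ftproot directory are hypothetical.

```python
import ntpath  # Windows path rules on any host OS, so the check runs offline

class PathEscapeError(ValueError):
    """Client-supplied path resolves outside the FTP root."""

def resolve_in_root(ftp_root: str, cwd: str, client_arg: str) -> str:
    """Map the argument of DELE/RETR/... to a real path confined to ftp_root.

    ftp_root: absolute directory served to clients (constructed in the demo)
    cwd: the session's virtual working directory, e.g. "/" or "/pub"
    """
    # Reject NUL bytes, drive letters (C:\...) and NTFS streams (name:stream).
    if "\x00" in client_arg or ":" in client_arg:
        raise PathEscapeError(f"illegal character in {client_arg!r}")
    # Windows accepts both separators, so fold them before any comparison.
    arg = client_arg.replace("/", "\\")
    if arg.startswith("\\"):
        rel = arg.lstrip("\\")  # absolute in the virtual namespace
    else:
        rel = ntpath.join(cwd.replace("/", "\\").strip("\\"), arg)
    # Collapse "." and ".." first, then compare against the root prefix.
    candidate = ntpath.normpath(ntpath.join(ftp_root, rel))
    root = ntpath.normcase(ntpath.normpath(ftp_root)).rstrip("\\")
    folded = ntpath.normcase(candidate)
    # Trailing separator stops C:\ftproot2 from matching root C:\ftproot.
    if folded != root and not folded.startswith(root + "\\"):
        raise PathEscapeError(f"{client_arg!r} escapes the FTP root")
    # Lexical check only: a production server must also resolve junctions and
    # symlinks on the real filesystem before acting on the path.
    return candidate

def is_confined(ftp_root: str, cwd: str, client_arg: str) -> bool:
    """True when client_arg stays inside ftp_root, False when it is rejected."""
    try:
        resolve_in_root(ftp_root, cwd, client_arg)
        return True
    except PathEscapeError:
        return False

if __name__ == "__main__":
    ROOT = r"C:\ftproot"  # constructed sample root
    for arg in ["readme.txt", r"..\..\..\..\boot.ini", "../../boot.ini",
                r"C:\boot.ini", r"..\ftproot2\x.txt", "/pub/a.txt"]:
        print(f"{arg!r:28} confined={is_confined(ROOT, '/', arg)}")
```

The comparison is made on the normalized path, after both separator styles are folded, so the request shown above is rejected while ordinary relative and virtual-absolute paths still resolve.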