Ben Spink CrushFTP FTP Server 2.1.6 and previous versions allows a local malicious user to access arbitrary files via a '..' (dot dot) attack, or variations, in (1) GET, (2) CD, (3) NLST, (4) SIZE, (5) RETR.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ben spink crushftp ftp server 2.1.4 |
||
ben spink crushftp ftp server |