Back to search
CVE-2008-5275
Published: Nov 28, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple directory traversal vulnerabilities in the (a) "Unzip archive" and (b) "Upload files and archives" functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, or delete arbitrary files via a .. (dot dot) in a filename within a (1) TAR or (2) ZIP archive. NOTE: this can be leveraged for code execution by creating a .php file.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
net2ftp-requesthandling-code-execution(42994)
vdb-entry
x_refsource_XF
http://vuln.sg/net2ftp096-en.html
x_refsource_MISC
29664
vdb-entry
x_refsource_BID
30611
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now