CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2008-5275

Multiple directory traversal vulnerabilities in the (a) "Unzip archive" and (b) "Upload files and archives" functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, or delete arbitrary files via a .. (dot dot) in a filename within a (1) TAR or (2) ZIP archive. NOTE: this can be leveraged for code execution by creating a .php file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.7%

CVSS Severity

CVSS v2 Score 7.5

References

http://secunia.com/advisories/30611
http://vuln.sg/net2ftp096-en.html
http://www.securityfocus.com/bid/29664
https://exchange.xforce.ibmcloud.com/vulnerabilities/42994
http://secunia.com/advisories/30611
http://vuln.sg/net2ftp096-en.html
http://www.securityfocus.com/bid/29664
https://exchange.xforce.ibmcloud.com/vulnerabilities/42994

Products affected by CVE-2008-5275

Net2ftp » Net2ftp » Version: 0.96

cpe:2.3:a:net2ftp:net2ftp:0.96
Net2ftp » Net2ftp » Version: 0.97

cpe:2.3:a:net2ftp:net2ftp:0.97

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-5275

Products

Pricing

Contact Us