Vulnerability Details CVE-2010-4149
Directory traversal vulnerability in FreshWebMaster Fresh FTP 5.36, 5.37, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. NOTE: some of these details are obtained from third party information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.8%
CVSS Severity
CVSS v2 Score 9.3
References
- http://packetstormsecurity.org/1010-exploits/freshftp-traversal.txt
- http://secunia.com/advisories/41798
- http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_freshftp.html
- http://www.osvdb.org/68667
- http://www.securityfocus.com/archive/1/514259/100/0/threaded
- http://www.securityfocus.com/bid/44072
- https://exchange.xforce.ibmcloud.com/vulnerabilities/62555
- http://packetstormsecurity.org/1010-exploits/freshftp-traversal.txt
- http://secunia.com/advisories/41798
- http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_freshftp.html
- http://www.osvdb.org/68667
- http://www.securityfocus.com/archive/1/514259/100/0/threaded
- http://www.securityfocus.com/bid/44072
- https://exchange.xforce.ibmcloud.com/vulnerabilities/62555
Products affected by CVE-2010-4149
-
cpe:2.3:a:freshwebmaster:fresh_ftp:*
-
cpe:2.3:a:freshwebmaster:fresh_ftp:5.36