FireFTP 'MLSD' And 'LIST' Commands Directory Traversal Vulnerability

FireFTP is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue allows an attacker to write arbitrary files to locations outside of the FTP client's current directory. This could help the attacker launch further attacks.

FireFTP 0.97.1 is vulnerable; other versions may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus