Описание
Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command.
Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-0888
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32398
- http://secunia.com/advisories/24103
- http://securityreason.com/securityalert/2236
- http://www.kiwisyslog.com/kb/idx/5/178/article
- http://www.osvdb.org/33162
- http://www.securityfocus.com/archive/1/459500/100/0/threaded
- http://www.securityfocus.com/archive/1/459933/100/0/threaded
- http://www.securityfocus.com/bid/22490
- http://www.vupen.com/english/advisories/2007/0536
EPSS
CVE ID
Связанные уязвимости
Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command.
EPSS