Описание
Untrusted search path vulnerability in FFFTP before 1.98d allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file, a different vulnerability than CVE-2011-3991.
Уязвимые конфигурации
Конфигурация 1Версия до 1.98 (включая)
Одно из
cpe:2.3:a:ffftp:ffftp:*:c:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.79a:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.80:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.81:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.82:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.83:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.84:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.85:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.86:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.86a:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.87:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.87a:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.88:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.88a:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.88b:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.89:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.89a:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.89b:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.90:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.91:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.92:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.92a:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.92b:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.92c:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.93:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.94:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.94a:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.95:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.96:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.96a:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.96b:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.96c:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.96d:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.97:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.97a:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.97b:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.98:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.98:a:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.98:b:*:*:*:*:*:*
EPSS
Процентиль: 57%
0.00357
Низкий
9.3 Critical
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
Untrusted search path vulnerability in FFFTP before 1.98d allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file, a different vulnerability than CVE-2011-3991.
EPSS
Процентиль: 57%
0.00357
Низкий
9.3 Critical
CVSS2
Дефекты
NVD-CWE-Other