Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to list arbitrary files and directories via the nlist … command.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Surgeftp | Netwin | 1.0b (including) | 1.0b (including) |
| Surgeftp | Netwin | 2.0a (including) | 2.0a (including) |
References
- http://www.netwinsite.com/surgeftp/manual/updates.htm
- http://www.securityfocus.com/archive/1/191916
- http://www.securityfocus.com/bid/2892
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6711
- http://www.netwinsite.com/surgeftp/manual/updates.htm
- http://www.securityfocus.com/archive/1/191916
- http://www.securityfocus.com/bid/2892
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6711