TYPSoft FTP Server 1.10 allows remote authenticated users to cause a denial of service (CPU consumption) via //../ arguments to (1) mkd, (2) xmkd, (3) dele, (4) size, (5) retr, (6) stor, (7) appe, (8) rnfr, (9) rnto, (10) rmd, or (11) xrmd, as demonstrated using //../qwerty.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Typsoft_ftp_server | Typsoft | 1.10 (including) | 1.10 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=107764173821905\u0026w=2
- http://www.securityfocus.com/bid/9702
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15306
- http://marc.info/?l=bugtraq\u0026m=107764173821905\u0026w=2
- http://www.securityfocus.com/bid/9702
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15306