Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Kiwi_cattools | Kiwi_enterprises | * | * |