[VIM] Home FTP SERVER 1.12 Directory Traversal

rkeith rkeith at securityfocus.com
Mon Feb 28 15:20:58 CST 2011

Seems like a reasonable conclusion they are the same issue.

We'll make some changes at our end to reflect that.


On 02/28/2011 02:06 PM, George A. Theall wrote:
> Exploit DB 16259 / Bugtraq 46600 concern a directory traversal issue in
> Home FTP SERVER 1.12 and give as a PoC:
>   RETR ../../../../boot.ini
> Exploit DB 15349 / Bugtraq 44543 concern a series of directory traversal
> issues in an earlier version of the same software; one of the PoCs is:
>   GET ../../../boot.ini
> Since an FTP client translates a "GET" into the command "RETR" when
> speaking to an FTP server, the new VDB identifiers seem to be just
> rehashes of the earlier ones. Or am I missing something. Rob?
> George

More information about the VIM mailing list