[VIM] Home FTP SERVER 1.12 Directory Traversal
rkeith
rkeith at securityfocus.com
Mon Feb 28 15:20:58 CST 2011
Seems like a reasonable conclusion they are the same issue.
We'll make some changes at our end to reflect that.
-Rob
On 02/28/2011 02:06 PM, George A. Theall wrote:
> Exploit DB 16259 / Bugtraq 46600 concern a directory traversal issue in
> Home FTP SERVER 1.12 and give as a PoC:
>
> RETR ../../../../boot.ini
>
> Exploit DB 15349 / Bugtraq 44543 concern a series of directory traversal
> issues in an earlier version of the same software; one of the PoCs is:
>
> GET ../../../boot.ini
>
> Since an FTP client translates a "GET" into the command "RETR" when
> speaking to an FTP server, the new VDB identifiers seem to be just
> rehashes of the earlier ones. Or am I missing something. Rob?
>
>
> George
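The comparison made in the quoted message, as an added example that is not part of the original thread: a small helper a VDB analyst could use to reduce FTP PoC lines to a canonical form before deciding whether two entries describe the same issue. The function names, the partial client-to-wire command table, and the case-insensitive filename comparison (assumed because `boot.ini` implies a Windows target) are assumptions of this sketch.

```python
# Client-side commands (as typed into a command-line FTP client) mapped to
# the RFC 959 verbs actually sent on the wire. Partial table (assumption:
# enough for file-access PoCs).
CLIENT_TO_WIRE = {
    "GET": "RETR", "RECV": "RETR",
    "PUT": "STOR", "SEND": "STOR",
    "DIR": "LIST", "DELETE": "DELE",
    "CD": "CWD", "MKDIR": "MKD", "RMDIR": "RMD",
}


def canonical_poc(line):
    """Reduce a PoC line to (wire_verb, escapes_root, target_path)."""
    verb, _, arg = line.strip().partition(" ")
    wire = CLIENT_TO_WIRE.get(verb.upper(), verb.upper())
    escapes, tail = False, []
    # Treat backslashes as separators, since the server runs on Windows.
    for part in arg.strip().replace("\\", "/").split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            if tail:
                tail.pop()          # stays inside the FTP root
            else:
                escapes = True      # climbed above the FTP root
        else:
            tail.append(part)
    # Heuristic: any escape is treated alike, whatever the number of "../"
    # segments, because the depth only reflects where the FTP root sits.
    return wire, escapes, "/".join(tail).lower()


def same_issue(poc_a, poc_b):
    """True when two PoC lines canonicalize to the same request."""
    return canonical_poc(poc_a) == canonical_poc(poc_b)


if __name__ == "__main__":
    # The two PoC lines quoted in the thread.
    a = "RETR ../../../../boot.ini"
    b = "GET ../../../boot.ini"
    print(canonical_poc(a), canonical_poc(b), same_issue(a, b))
```

A match here only says the two PoCs issue the same request; whether the entries cover the same affected versions still has to be checked by hand.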