Vendor: Yak! Chat Client
By: Unknown
CVSS: 7.5 (HIGH)
Remote Directory Traversal
CWE: 22
Product Name: Yak! Chat Client
Affected Version From: 2.1.2002
Affected Version To: 2.1.2002
Patch Exists: NO
Related CWE:
CPE: a:yak!_chat_client:2.1.2
Metasploit:
Other Scripts:
Platforms Tested: Unknown

Yak! Chat Client FTP Server Remote Directory Traversal Vulnerability

The Yak! Chat Client FTP server is prone to a remote directory traversal vulnerability. The issue occurs due to insufficient sanitization of user-supplied data. An attacker can exploit this vulnerability to compromise a computer by placing malicious files on the system and executing them through other means.

Mitigation:

No known mitigation or remediation is available for this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11433/info

Yak! Chat Client FTP server is reported prone to a remote directory traversal vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data.

This issue can ultimately allow an attacker to compromise a computer by placing malicious files on the system and executing these files through other means.

Yak! 2.1.2 and prior versions are reported vulnerable to this issue.

dir /
dir ../../windows/

put
evil.exe
../../windows/calc.exe
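
The missing sanitization described above comes down to a containment check on every path argument before the server touches the filesystem. The following is an added example, not code from the advisory or from Yak!; the share root `C:\Yak\share` and the names `resolve_in_root` and `TraversalError` are assumptions made for illustration. It uses Python's `ntpath` so the Windows path rules apply on any host.

```python
import ntpath

FTP_ROOT = r"C:\Yak\share"  # hypothetical share root (assumption)


class TraversalError(ValueError):
    """A client-supplied path would resolve outside the FTP root."""


def resolve_in_root(cwd, client_path, root=FTP_ROOT):
    """Map the path argument of a dir/put/get command to a local path.

    cwd is the session's server-maintained virtual directory ("/" or
    "/incoming"). Returns an absolute path inside root or raises
    TraversalError. The check is lexical only; a real server should also
    resolve junctions and symlinks before the final comparison.
    """
    # NUL truncates paths in native APIs; ":" covers drive letters and
    # NTFS alternate data streams.
    if "\x00" in client_path or ":" in client_path:
        raise TraversalError("illegal character in path")
    # Windows accepts "/" and "\" interchangeably, so unify them first.
    unified = client_path.replace("/", "\\")
    if unified.startswith("\\"):
        virtual = unified  # absolute within the virtual tree
    else:
        virtual = ntpath.join(cwd.replace("/", "\\"), unified)
    # Join onto the root, then collapse "." and ".." segments.
    candidate = ntpath.normpath(ntpath.join(root, virtual.lstrip("\\")))
    root_norm = ntpath.normcase(ntpath.normpath(root))
    # Compare whole components, case-insensitively; a plain string
    # prefix test would accept C:\Yak\share-old as "inside" the root.
    common = ntpath.commonpath([root_norm, ntpath.normcase(candidate)])
    if common != root_norm:
        raise TraversalError("path escapes FTP root: %r" % client_path)
    return candidate


if __name__ == "__main__":
    # Constructed inputs; the traversal strings are the ones shown above.
    for arg in ["/", "evil.exe", "../../windows/", "../../windows/calc.exe"]:
        try:
            print(repr(arg), "->", resolve_in_root("/", arg))
        except TraversalError as exc:
            print(repr(arg), "-> rejected:", exc)
```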