header-logo
Suggest Exploit
vendor:
Freefloat FTP Server
by:
6.5
CVSS
MEDIUM
Directory Traversal
22
CWE
Product Name: Freefloat FTP Server
Affected Version From: Freefloat FTP Server 1.0
Affected Version To: Freefloat FTP Server 1.0.10
Patch Exists: YES
Related CWE: CVE-2011-0413
CPE: a:freefloat_project:freefloat_ftp_server:1.0
Other Scripts:
Platforms Tested: Windows
2011

Directory Traversal Vulnerability in Freefloat FTP Server

Freefloat FTP Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to retrieve arbitrary files outside of the FTP server root directory. This may aid in further attacks.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to update to the latest version of Freefloat FTP Server.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/45218/info

Freefloat FTP Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue can allow an attacker to retrieve arbitrary files outside of the FTP server root directory. This may aid in further attacks.

GET ../../boot.ini