CVE

Id
32752  
CVE No.
CVE-2008-2635  
Status
Candidate  
Description
Multiple directory traversal vulnerabilities in BitKinex 2.9.3 allow remote FTP and WebDAV servers to create or overwrite arbitrary files via a .. (dot dot) in (1) a response to a LIST command from the BitKinex FTP client and (2) a response to a PROPFIND command from the BitKinex WebDAV client. NOTE: this can be leveraged for code execution by writing to a Startup folder.  
Phase
Assigned (20080609)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
354436 32752 CVE-2008-2635 MISC:http://vuln.sg/bitkinex293-en.html  View
354437 32752 CVE-2008-2635 VUPEN:ADV-2008-1738  View
354438 32752 CVE-2008-2635 URL:http://www.vupen.com/english/advisories/2008/1738/references  View
354439 32752 CVE-2008-2635 SECUNIA:30532  View
354440 32752 CVE-2008-2635 URL:http://secunia.com/advisories/30532  View
354441 32752 CVE-2008-2635 XF:bitkinex-webdav-ftp-directory-traversal(42842)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
46144 JVNDB-2008-001454 Citect 社製 CitectSCADA におけるバッファオーバーフローの脆弱性 Citect 社製 CitectSCADA にはバッファオーバーフローの脆弱性が存在します。 CVE-2008-2639 32752 7.6 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001454.html  View