NVD

Id
1078  
Name
CVE-2008-1117  
Description
Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote attackers to upload files to arbitrary locations via a destination filename with a (backslash) character followed by ../ (dot dot slash) sequences. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4220.  
Reject
 
CVSS Version
2  
CVSS Score
10  
Severity
High  
CVSS Base Score
10  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-03  
Published
2008-03-14  
Modified Date
2011-03-07  
Seq
2008-1117  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
6685 1078 CVE-2008-1117 http://aluigi.altervista.org/adv/timbuto-adv.txt  View
6686 1078 CVE-2008-1117 http://aluigi.org/poc/timbuto.zip  View
6687 1078 CVE-2008-1117 3741  View
6688 1078 CVE-2008-1117 http://www.coresecurity.com/?action=item&id=2166  View
6689 1078 CVE-2008-1117 4455  View
6690 1078 CVE-2008-1117 5238  View
6691 1078 CVE-2008-1117 20080310 Vulnerabilities in Timbuktu Pro 8.6.5  View
6692 1078 CVE-2008-1117 20080311 Re: [Full-disclosure] Vulnerabilities in Timbuktu Pro 8.6.5  View
6693 1078 CVE-2008-1117 20080311 CORE-2008-0204: Timbuktu Pro Remote Path Traversal and Log Injection  View
6694 1078 CVE-2008-1117 28081  View
6695 1078 CVE-2008-1117 ADV-2008-0840  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
48867 JVNDB-2008-004177 Windows および Mac OS X 用の Timbuktu Pro におけるディレクトリトラバーサルの脆弱性 Windows および Mac OS X 用の Timbuktu Pro の tb2ftp.dll の Notes 機能には、ディレクトリトラバーサルの脆弱性が存在します。 CVE-2008-1117 31230 CVE-2008-1117 1078 10 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-004177.html 2008-03-14 2012-09-25 View