CVE-2008-2779

Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Build 02.26.2008.4 and CuteFTP Pro 8.2.0 Build 04.01.2008.1 allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to LIST commands, a related issue to CVE-2002-1345.  NOTE: this can be leveraged for code execution by writing to a Startup folder.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
globalscapecuteftp
8.2.0
globalscapecuteftp
8.2.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/29760
http://vuln.sg/cuteftp820-en.html
http://www.securitytracker.com/id?1020113
http://www.vupen.com/english/advisories/2008/1653/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42633
http://secunia.com/advisories/29760
http://vuln.sg/cuteftp820-en.html
http://www.securitytracker.com/id?1020113
http://www.vupen.com/english/advisories/2008/1653/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42633