[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250363

 
 

909

 
 

196124

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-2399Date: (C)2008-05-22   (M)2023-12-22


Directory traversal vulnerability in the FireFTP add-on before 0.98.20080518 for Firefox allows remote FTP servers to create or overwrite arbitrary files via .. (dot dot backslash) sequences in responses to (1) MLSD and (2) LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
BID-29289
SECUNIA-30284
ADV-2008-1596
VU#906907
fireftp-mlsd-list-directory-traversal(42516)
http://vuln.sg/fireftp0971-en.html
http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/controlSocket.js.in.diff?r1=1.58%3Br2=1.59%3Bf=h

CPE    1
cpe:/a:mozilla:firefox
CWE    1
CWE-22

© SecPod Technologies