| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: ts at securityoffice.net (Tamer Sahin) Subject: [SecurityOffice] Hyperion Ftp Server v2.8.1 Directory Traversal Vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: MD5 - --[ Hyperion Ftp Server v2.8.1 Directory Traversal Vulnerability ]-- - --[ Type Directory Traversal - --[ Release Date November 12, 2002 - --[ Product / Vendor Hyperion FTP Server is a powerful, reliable FTP server for Windows 95/98/NT/2000, and supports all basic FTP commands, and much more, such as passive mode. http://www.mollensoft.com - --[ Summary A vulnerability exists in Hyperion Ftp Server which allows a remote user to traverse the directories of a target host. This may lead to the disclosure of file and directory contents. Arbitrary directories can be accessed through the use of double dot '../' techniques when using the 'ls' command. - --[ Tested Hyperion Ftp Server v2.8.1 / Windows 2000 sp3 Hyperion Ftp Server v2.8.1 / Windows 98 SE - --[ Vulnerable Hyperion Ftp Server v2.8.1 / Windows 2000 sp3 Hyperion Ftp Server v2.8.1 / Windows 98 SE - --[ Disclaimer http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory. - --[ Author Tamer Sahin ts@...urityoffice.net http://www.securityoffice.net All our advisories can be viewed at http://www.securityoffice.net/articles/ Please send suggestions, updates, and comments to feedback@...urityoffice.net (c) 2002 SecurityOffice This Security Advisory may be reproduced and distributed, provided that this Security Advisory is not modified in any way and is attributed to SecurityOffice and provided that such reproduction and distribution is performed for non-commercial purposes. Tamer Sahin http://www.securityoffice.net -----BEGIN PGP SIGNATURE----- Version: 2.6 iQEVAwUAPdElXfpL5ibJRTtBAQG/jAf/T/eTJyn3F40jZZLw/xq3GdUlNfN3knBx JN0bZCg8GUoFFr8dFGDq2rKx/nHlxuoZOOCV64rTMUhpaZBI6AUXzgDNfq8/oiex z1mPN1IOwKZuNxW2yC0JYdghdMxfVX9BEu6oHpP6MKxulNd6xLkuBtKipTTNibrZ TopPSX9cqtTX20UXmNCNwcemquLk6hO6paPZZ+UgKqc3Ewm2BDMgbHn79udRgpaE pi8f3YIdUMFCC0KsQ6r/xFAXpekKuMaghFO6mX56CY4Dnuz4wG32yo3bLjUS/gzP dPM/OnZwwbdS+BagOGi4PWnKyTDYBENrk3CGutUfh/gilZltzDWwwQ== =quY4 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists