Search criteria
7 vulnerabilities found for alftp by estsoft
FKIE_CVE-2012-0315
Vulnerability from fkie_nvd - Published: 2012-02-22 13:54 - Updated: 2025-04-11 00:51
Severity ?
Summary
Untrusted search path vulnerability in ALFTP before 5.31 allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file.
References
| URL | Tags | ||
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN85695061/995223/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN85695061/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/jvndb/JVNDB-2012-000011 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.altools.jp/ETC/NEWS.aspx?mid=231&vidx=118 | Broken Link | |
| vultures@jpcert.or.jp | http://www.altools.jp/download.aspx | Broken Link, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN85695061/995223/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN85695061/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/jvndb/JVNDB-2012-000011 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.altools.jp/ETC/NEWS.aspx?mid=231&vidx=118 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.altools.jp/download.aspx | Broken Link, Patch |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:estsoft:alftp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4715D22D-5868-4A25-AB6E-0AC3E0FCDAED",
"versionEndIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:estsoft:alftp:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA854AAA-D9CF-479A-AEB2-89B91A9E5372",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:estsoft:alftp:4.1:beta2:*:*:*:*:*:*",
"matchCriteriaId": "CF263169-AF6F-470A-BEB3-D5A03E9BE545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:estsoft:alftp:4.1:beta2:*:en:*:*:*:*",
"matchCriteriaId": "D305F6D8-A458-4B20-9989-39F08D79EA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:estsoft:alftp:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9DB0095D-D7D6-425A-AFC1-2FE3C4796129",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:estsoft:alftp:5.1:beta2:*:*:*:*:*:*",
"matchCriteriaId": "1E7CA781-E4EC-4CC2-8DA3-D14329DAE240",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in ALFTP before 5.31 allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ruta de b\u00fasqueda no confiable en ALFTP antes de v5.31 permite a usuarios locales obtener privilegios mediante un archivo troyano ejecutable en un directorio al que se accede para leer un archivo sin extensi\u00f3n, tal y como se demuestra con la ejecuci\u00f3n del archivo README.EXE cuando un usuario intenta acceder al archivo README."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n\u0027CWE-426: Untrusted Search Path\u0027",
"id": "CVE-2012-0315",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-02-22T13:54:03.553",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN85695061/995223/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN85695061/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000011"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Broken Link"
],
"url": "http://www.altools.jp/ETC/NEWS.aspx?mid=231\u0026vidx=118"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Broken Link",
"Patch"
],
"url": "http://www.altools.jp/download.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN85695061/995223/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN85695061/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.altools.jp/ETC/NEWS.aspx?mid=231\u0026vidx=118"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Patch"
],
"url": "http://www.altools.jp/download.aspx"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-2702
Vulnerability from fkie_nvd - Published: 2008-06-13 19:41 - Updated: 2025-04-09 00:30
Severity ?
Summary
Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/30559 | Third Party Advisory | |
| cve@mitre.org | http://vuln.sg/alftp41b2-en.html | Exploit, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/29585 | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/1763/references | Third Party Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/42900 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30559 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://vuln.sg/alftp41b2-en.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/29585 | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/1763/references | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/42900 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:estsoft:alftp:4.1:beta2:*:en:*:*:*:*",
"matchCriteriaId": "D305F6D8-A458-4B20-9989-39F08D79EA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:estsoft:alftp:5.0:*:*:ko:*:*:*:*",
"matchCriteriaId": "403386E5-BF03-4BE0-A953-9DBAF1810925",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en el cliente FTP en ALTools ESTsoft ALFTP 4.1 beta 2 y 5.0, permite a los servidores FTP remotos sobreescribir fichero aleatorios a trav\u00e9s de ..(punto punto) en respuesta al comando LIST, lo que esta relacionado con CVE-2002-1345. NOTA: esto puede ser utilizado para ejecutar c\u00f3digo escribiendo en la carpeta Startup."
}
],
"id": "CVE-2008-2702",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-06-13T19:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/30559"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://vuln.sg/alftp41b2-en.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/29585"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/1763/references"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42900"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/30559"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://vuln.sg/alftp41b2-en.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/29585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/1763/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42900"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2012-0315 (GCVE-0-2012-0315)
Vulnerability from cvelistv5 – Published: 2012-02-22 11:00 – Updated: 2024-09-17 00:50
VLAI?
Summary
Untrusted search path vulnerability in ALFTP before 5.31 allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:29.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN85695061/995223/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.altools.jp/download.aspx"
},
{
"name": "JVN#85695061",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN85695061/index.html"
},
{
"name": "JVNDB-2012-000011",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000011"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.altools.jp/ETC/NEWS.aspx?mid=231\u0026vidx=118"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in ALFTP before 5.31 allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-22T11:00:00Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN85695061/995223/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.altools.jp/download.aspx"
},
{
"name": "JVN#85695061",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN85695061/index.html"
},
{
"name": "JVNDB-2012-000011",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000011"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.altools.jp/ETC/NEWS.aspx?mid=231\u0026vidx=118"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2012-0315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in ALFTP before 5.31 allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN85695061/995223/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN85695061/995223/index.html"
},
{
"name": "http://www.altools.jp/download.aspx",
"refsource": "MISC",
"url": "http://www.altools.jp/download.aspx"
},
{
"name": "JVN#85695061",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN85695061/index.html"
},
{
"name": "JVNDB-2012-000011",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000011"
},
{
"name": "http://www.altools.jp/ETC/NEWS.aspx?mid=231\u0026vidx=118",
"refsource": "MISC",
"url": "http://www.altools.jp/ETC/NEWS.aspx?mid=231\u0026vidx=118"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2012-0315",
"datePublished": "2012-02-22T11:00:00Z",
"dateReserved": "2012-01-04T00:00:00Z",
"dateUpdated": "2024-09-17T00:50:50.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2702 (GCVE-0-2008-2702)
Vulnerability from cvelistv5 – Published: 2008-06-13 19:19 – Updated: 2024-08-07 09:14
VLAI?
Summary
Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:14:13.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30559"
},
{
"name": "29585",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29585"
},
{
"name": "ADV-2008-1763",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1763/references"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://vuln.sg/alftp41b2-en.html"
},
{
"name": "alftpftp-list-directory-traversal(42900)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42900"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30559"
},
{
"name": "29585",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29585"
},
{
"name": "ADV-2008-1763",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1763/references"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://vuln.sg/alftp41b2-en.html"
},
{
"name": "alftpftp-list-directory-traversal(42900)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42900"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30559",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30559"
},
{
"name": "29585",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29585"
},
{
"name": "ADV-2008-1763",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1763/references"
},
{
"name": "http://vuln.sg/alftp41b2-en.html",
"refsource": "MISC",
"url": "http://vuln.sg/alftp41b2-en.html"
},
{
"name": "alftpftp-list-directory-traversal(42900)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42900"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2702",
"datePublished": "2008-06-13T19:19:00",
"dateReserved": "2008-06-13T00:00:00",
"dateUpdated": "2024-08-07T09:14:13.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0315 (GCVE-0-2012-0315)
Vulnerability from nvd – Published: 2012-02-22 11:00 – Updated: 2024-09-17 00:50
VLAI?
Summary
Untrusted search path vulnerability in ALFTP before 5.31 allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:29.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN85695061/995223/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.altools.jp/download.aspx"
},
{
"name": "JVN#85695061",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN85695061/index.html"
},
{
"name": "JVNDB-2012-000011",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000011"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.altools.jp/ETC/NEWS.aspx?mid=231\u0026vidx=118"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in ALFTP before 5.31 allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-22T11:00:00Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN85695061/995223/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.altools.jp/download.aspx"
},
{
"name": "JVN#85695061",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN85695061/index.html"
},
{
"name": "JVNDB-2012-000011",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000011"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.altools.jp/ETC/NEWS.aspx?mid=231\u0026vidx=118"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2012-0315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in ALFTP before 5.31 allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN85695061/995223/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN85695061/995223/index.html"
},
{
"name": "http://www.altools.jp/download.aspx",
"refsource": "MISC",
"url": "http://www.altools.jp/download.aspx"
},
{
"name": "JVN#85695061",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN85695061/index.html"
},
{
"name": "JVNDB-2012-000011",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000011"
},
{
"name": "http://www.altools.jp/ETC/NEWS.aspx?mid=231\u0026vidx=118",
"refsource": "MISC",
"url": "http://www.altools.jp/ETC/NEWS.aspx?mid=231\u0026vidx=118"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2012-0315",
"datePublished": "2012-02-22T11:00:00Z",
"dateReserved": "2012-01-04T00:00:00Z",
"dateUpdated": "2024-09-17T00:50:50.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2702 (GCVE-0-2008-2702)
Vulnerability from nvd – Published: 2008-06-13 19:19 – Updated: 2024-08-07 09:14
VLAI?
Summary
Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:14:13.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30559"
},
{
"name": "29585",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29585"
},
{
"name": "ADV-2008-1763",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1763/references"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://vuln.sg/alftp41b2-en.html"
},
{
"name": "alftpftp-list-directory-traversal(42900)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42900"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30559"
},
{
"name": "29585",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29585"
},
{
"name": "ADV-2008-1763",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1763/references"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://vuln.sg/alftp41b2-en.html"
},
{
"name": "alftpftp-list-directory-traversal(42900)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42900"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30559",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30559"
},
{
"name": "29585",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29585"
},
{
"name": "ADV-2008-1763",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1763/references"
},
{
"name": "http://vuln.sg/alftp41b2-en.html",
"refsource": "MISC",
"url": "http://vuln.sg/alftp41b2-en.html"
},
{
"name": "alftpftp-list-directory-traversal(42900)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42900"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2702",
"datePublished": "2008-06-13T19:19:00",
"dateReserved": "2008-06-13T00:00:00",
"dateUpdated": "2024-08-07T09:14:13.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2012-000011
Vulnerability from jvndb - Published: 2012-02-13 15:58 - Updated:2012-02-13 15:58Summary
ALFTP may insecurely load executable files
Details
ALFTP may use unsafe methods for determining how to load executables.
ALFTP provided by ESTsoft Corp. is a FTP client software with the built in FTP server. ALFTP contains an issue when loading files.
For example, if an user tries to open README (a file without extention) which exists in the same directory where README.exe (a file with .exe extention) exists, README.exe is executed instead of README.
Fumihiko Sano reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000011.html",
"dc:date": "2012-02-13T15:58+09:00",
"dcterms:issued": "2012-02-13T15:58+09:00",
"dcterms:modified": "2012-02-13T15:58+09:00",
"description": "ALFTP may use unsafe methods for determining how to load executables.\r\n\r\nALFTP provided by ESTsoft Corp. is a FTP client software with the built in FTP server. ALFTP contains an issue when loading files.\r\nFor example, if an user tries to open README (a file without extention) which exists in the same directory where README.exe (a file with .exe extention) exists, README.exe is executed instead of README.\r\n\r\nFumihiko Sano reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000011.html",
"sec:cpe": {
"#text": "cpe:/a:estsoft:alftp",
"@product": "ALFTP",
"@vendor": "ESTsoft",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000011",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN85695061/index.html",
"@id": "JVN#85695061",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0315",
"@id": "CVE-2012-0315",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0315",
"@id": "CVE-2012-0315",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "ALFTP may insecurely load executable files"
}