Computer Security

CVE-2007-0888
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



CVECVE-2007-0888
StatusCandidate
DescriptionDirectory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command.
SeverityMedium
CVSS score4,7
CVSS vector(AV:R/AC:L/Au:NR/C:P/I:P/A:N/B:N)
PhaseAssigned (12.02.2007)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0888
ReferencesBID : 22490
 BUGTRAQ : 20070208 TFTP directory traversal in Kiwi CatTools
 BUGTRAQ : 20070213 Re: TFTP directory traversal in Kiwi CatTools
 CONFIRM : http://www.kiwisyslog.com/kb/idx/5/178/article/
 FRSIRT : ADV-2007-0536
 OSVDB : 33162
 SECUNIA : 24103
 XF : kiwicattools-tftp-directory-traversal(32398)
SecurityVulns:Kiwi CatTools TFTO directory traversal
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod
 


Rating@Mail.ru