Computer Security
[EN] securityvulns.ru no-pyccku


Kiwi CatTools TFTO directory traversal
updated since 09.02.2007
Published:27.02.2007
Source:
SecurityVulns ID:7208
Type:remote
Threat Level:
5/10
Description:Built-in TFTP server directory traversal.
Affected:KIWI : CatTools 3.2
CVE:CVE-2007-0889 (Kiwi CatTools before 3.2.0 beta uses weak encryption ("reversible encoding") for passwords, account names, and IP addresses in kiwidb-cattools.kdb, which might allow local users to gain sensitive information by decrypting the file. NOTE: this issue could be leveraged with a directory traversal vulnerability for a remote attack vector.)
 CVE-2007-0888 (Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command.)
Original documentdocumentnoreply_(at)_ptsecurity.ru, [Full-disclosure] Kiwi CatTools TFTP server path traversal (27.02.2007)
 documentnicob_(at)_nicob.net, TFTP directory traversal in Kiwi CatTools (09.02.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod