Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2008-2702

Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.

  • Published: Jun 13, 2008
  • Updated: Apr 13, 2023
  • CVE: CVE-2008-2702
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 9.3
  • AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

OWASP TOP 10:

Software From Fixed in
estsoft / alftp 4.1-beta2 4.1-beta2.x
estsoft / alftp 5.0 5.0.x