Directory Traversal Vulnerability in Quick 'n Easy FTP Server by Pablo Software Solutions
CVE-2004-2747

Currently unrated

Key Information:

Vendor: Pablo Software Solutions
Status: Quick N Easy Ftp Server
Vendor: CVE Published:; 31 December 2004

What is CVE-2004-2747?

A directory traversal vulnerability exists in Quick 'n Easy FTP Server, allowing remote authenticated users to exploit the DEL command. By inserting a '..' (dot dot) in the command, users can ascertain the existence of files outside the designated FTP root directory. This issue can lead to error message variations that indicate whether specific files are present, thereby exposing sensitive information about the server's file structure. It is essential for administrators to be aware of this vulnerability to mitigate potential risks to their data security.

References

http://www.securitytracker.com/id?1008756

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/archive/1/350224/30/21640/th...

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/10661

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability Reserved
Nov 8, 2007
Vulnerability published
Dec 31, 2004