Directory Traversal Vulnerability in Xlight FTP Server by Xlight Software
CVE-2010-2695

Currently unrated

Key Information:

Vendor: Xlightftpd
Status: Xlight Ftp Server
Vendor: CVE Published:; 12 July 2010

What is CVE-2010-2695?

A directory traversal vulnerability exists in the SFTP/SSH2 virtual server of Xlight FTP Server, allowing remote authenticated users to manipulate files in arbitrary directories. By using '..' (dot dot) sequences in commands such as ls, rm, and rename, an attacker could exploit this flaw to read, overwrite, or delete sensitive files on the server, leading to potential data loss or unauthorized access.

References

http://www.securityfocus.com/archive/1/512192/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.xlightftpd.com/whatsnew.htm

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/60151

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 12, 2010
Vulnerability Reserved
Jul 12, 2010

JSON

Xlightftpd

What is CVE-2010-2695?

References

Timeline