PT-2006-6869 · Sorin Chitu · Sorin Chitu Telnet-Ftp Server

Published: 2006-12-03 · Updated: 2017-07-29 · CVE-2006-6240

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Sorin Chitu Telnet-FTP Server version 1.0

Description

The issue allows remote authenticated users to list contents of arbitrary directories and download arbitrary files via a .. (dot dot) sequence in an FTP command argument. This can be demonstrated by using commands such as RETR (GET) or STOR (PUT) with the .. sequence.

Recommendations

For Sorin Chitu Telnet-FTP Server version 1.0, consider restricting access to the FTP server until a fix is available, and avoid using the .. sequence in FTP command arguments to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
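
The server-side check whose absence produces this class of bug, as an added example (not code from this entry or from the vendor): every FTP command argument is resolved against a virtual root and rejected if it climbs above it. The function names, the `/pub` working directory and the sample arguments are hypothetical; the example goes slightly beyond the plain `..` case by also covering backslash separators, drive-qualified paths and symbolic links.

```python
import os
import posixpath

class PathEscape(ValueError):
    """The FTP argument would resolve outside the session's root."""

def resolve_virtual(cwd: str, arg: str) -> str:
    """Resolve a RETR/STOR/LIST/CWD argument to a virtual path rooted at '/'."""
    if "\x00" in arg:
        raise PathEscape("NUL byte in argument")
    arg = arg.replace("\\", "/")          # Windows accepts both separators
    if len(arg) >= 2 and arg[1] == ":":
        raise PathEscape("drive-qualified path")
    joined = arg if arg.startswith("/") else posixpath.join(cwd, arg)
    parts = []
    for seg in joined.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not parts:                 # would climb above the virtual root
                raise PathEscape(f"{arg!r} escapes the FTP root")
            parts.pop()
        elif not seg.strip(". "):         # '...', '.. ' etc.: rejected, conservative
            raise PathEscape(f"ambiguous dot segment in {arg!r}")
        else:
            parts.append(seg)
    return "/" + "/".join(parts)

def to_real_path(root: str, virtual: str) -> str:
    """Map a virtual path to disk and re-check after symlink resolution."""
    root_real = os.path.realpath(root)
    real = os.path.realpath(os.path.join(root_real, *virtual.split("/")))
    if os.path.commonpath([root_real, real]) != root_real:
        raise PathEscape(f"{virtual!r} leaves {root_real!r} via a link")
    return real

def check(cwd: str, arg: str) -> str:
    """Return the resolved virtual path, or 'DENY' for a rejected argument."""
    try:
        return resolve_virtual(cwd, arg)
    except PathEscape:
        return "DENY"

if __name__ == "__main__":
    # Constructed arguments, as they would follow RETR or STOR.
    for a in ("readme.txt", "../pub/readme.txt", "../../boot.ini", "..\\..\\boot.ini"):
        print(f"{a!r:24} -> {check('/pub', a)}")
```

A `..` that stays inside the root (`../pub/readme.txt` from `/pub`) is still allowed; only arguments that would resolve above the root are denied, and the same check applies to uploads and directory listings as to downloads.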


Related identifiers

CVE-2006-6240

Affected products

Sorin Chitu Telnet-Ftp Server