PT-2001-2086 · Cooolsoft · Cooolsoft Powerftp Server

Published

2001-11-28

Updated

2016-10-18

CVE-2001-0933

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Cooolsoft PowerFTP Server version 2.03

Description The issue allows remote attackers to list the contents of arbitrary drives by using a ls (LIST) command that includes the drive letter as an argument, for example, "ls C:".

Recommendations For Cooolsoft PowerFTP Server version 2.03, consider restricting access to the ls command or limiting the ability to specify drive letters as arguments to prevent unauthorized directory listings.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-0933

Affected Products

Cooolsoft Powerftp Server

PT-2001-2086 · Cooolsoft · Cooolsoft Powerftp Server

CVE-2001-0933

Related Identifiers

Affected Products

References · 2