PT-2007-5979 · Enriva Development · Magellan Explorer

Gynvael Coldwind

Published

2007-09-12

Updated

2018-10-15

CVE-2007-4842

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Enriva Development Magellan Explorer version 3.32 build 2305 and earlier

Description: A directory traversal issue allows remote FTP servers to create or overwrite arbitrary files by including a .. (dot dot) in a filename. This can potentially be used for code execution by writing to a Startup folder.

Recommendations: For Enriva Development Magellan Explorer version 3.32 build 2305 and earlier, consider restricting access to the FTP functionality until a fix is available. As a temporary workaround, avoid using the FTP feature to connect to remote servers.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2007-4842

Affected Products

Magellan Explorer

PT-2007-5979 · Enriva Development · Magellan Explorer

CVE-2007-4842

Weakness Enumeration

Related Identifiers

Affected Products

References · 9