PT-2008-2713 · Netopia · Timbuktu Pro

Titon

Published

2008-03-14

Updated

2018-10-11

CVE-2008-1117

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Timbuktu Pro versions 8.6.5

Description A directory traversal issue in the Notes feature of Timbuktu Pro allows remote attackers to upload files to arbitrary locations by using a destination filename with a (backslash) character followed by ../ (dot dot slash) sequences. This can potentially be leveraged for code execution by writing to a Startup folder.

Recommendations For version 8.6.5, consider restricting access to the Notes feature until a fix is available. As a temporary workaround, avoid using the Notes feature to upload files to sensitive locations.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2008-1117

Affected Products

Timbuktu Pro

PT-2008-2713 · Netopia · Timbuktu Pro

CVE-2008-1117

Weakness Enumeration

Related Identifiers

Affected Products

References · 15