[25587] in bugtraq
Re: Problems with various windows FTP servers
daemon@ATHENA.MIT.EDU (Stephen Cope)
Tue May 28 11:35:35 2002
Date: Tue, 28 May 2002 22:13:01 +1200
From: Stephen Cope <mail@unsolicited.kimihia.org.nz>
To: bugtraq@securityfocus.com
Message-ID: <20020528101301.GD820@mess.kimihia.org.nz>
Mail-Followup-To: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="X1bOJ3K7DJ5YkBrT"
Content-Disposition: inline
In-Reply-To: <006f01c205ad$d65e98c0$3400a8c0@lan>
--X1bOJ3K7DJ5YkBrT
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
I discovered a few days ago that FileZilla[0] up to 0.7.0 is vulnerable
to listing files outside the root directory by using "..". The author
fixed the problem immediately and has released version 0.7.1.
http://sf.net/projects/filezilla/
SnakeByte, your download link has the / facing the wrong way.
> it reports the problem [ www.kryptocrew.de/snakebyte/bed.html ].
--=20
Stephen Cope - http://sdc.org.nz/
--X1bOJ3K7DJ5YkBrT
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: See http://sdc.org.nz/email for more detail
iEYEARECAAYFAjzzWC0ACgkQ4Bjb33S48hZP/QCfUkPgJKNLtSM68h1xjk7JFBBM
t30AoM920UWvM3eZtRqVME8zcu2ue/BW
=B9C8
-----END PGP SIGNATURE-----
--X1bOJ3K7DJ5YkBrT--
