CyberSec.Space Logo
Back to CVE Browser

CVE-2019-10009

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.1970%
EPSS Percentile11.57th
PublishedJun 3, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \..\..\ technique, arbitrary files can be loaded in the server response outside the root directory.

Affected Platforms (CPE)

πŸ“¦
Southrivertech

Titan Ftp Server

= 2019

References & Advisories

πŸ”— http://packetstormsecurity.com/files/152244/Titan-FTP-Server-2019-Build-3505-Directory-Traversal.html
πŸ”— http://seclists.org/fulldisclosure/2019/Mar/47
πŸ”— http://www.southrivertech.com/software/regsoft/titanftp/v19/verhist_en.html
πŸ”— https://seclists.org/fulldisclosure/2019/Mar/47
πŸ”— https://www.exploit-db.com/exploits/46611
πŸ”— https://www.exploit-db.com/exploits/46611/
πŸ”— http://packetstormsecurity.com/files/152244/Titan-FTP-Server-2019-Build-3505-Directory-Traversal.html
πŸ”— http://seclists.org/fulldisclosure/2019/Mar/47

Related Vulnerabilities

CVE-2008-528110.0

Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows remote attackers to execute arbitrary code via a long DELE co...

CVE-2008-072510.0

Multiple heap-based buffer overflows in the (1) FTP service and (2) administration service in Titan FTP Server 6.0.5.549 allow rem...

CVE-2008-07029.3

Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (d...

CVE-2010-24256.5

Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versio...