CyberSec.Space Logo
Back to CVE Browser

CVE-2007-0888

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0780%
EPSS Percentile20.00th
PublishedFeb 12, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command.

Affected Platforms (CPE)

πŸ“¦
Kiwi Enterprises

Kiwi Cattools

All versions

References & Advisories

πŸ”— http://secunia.com/advisories/24103
πŸ”— http://securityreason.com/securityalert/2236
πŸ”— http://www.kiwisyslog.com/kb/idx/5/178/article/
πŸ”— http://www.osvdb.org/33162
πŸ”— http://www.securityfocus.com/archive/1/459500/100/0/threaded
πŸ”— http://www.securityfocus.com/archive/1/459933/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/22490
πŸ”— http://www.vupen.com/english/advisories/2007/0536

Related Vulnerabilities

CVE-2021-352306.7

As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gai...

CVE-2007-08894.6

Kiwi CatTools before 3.2.0 beta uses weak encryption ("reversible encoding") for passwords, account names, and IP addresses in kiw...

CVE-2007-182210.0

Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailbo...

CVE-2007-158710.0

templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92 allows remote attackers to execute arbitrary programs by specifying the...