CyberSec.Space Logo
Back to CVE Browser

CVE-2008-2779

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0700%
EPSS Percentile6.45th
PublishedJun 19, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Build 02.26.2008.4 and CuteFTP Pro 8.2.0 Build 04.01.2008.1 allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Affected Platforms (CPE)

πŸ“¦
Globalscape

Cuteftp

= 8.2.0
πŸ“¦
Globalscape

Cuteftp

= 8.2.0

References & Advisories

πŸ”— http://secunia.com/advisories/29760
πŸ”— http://vuln.sg/cuteftp820-en.html
πŸ”— http://www.securitytracker.com/id?1020113
πŸ”— http://www.vupen.com/english/advisories/2008/1653/references
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/42633
πŸ”— http://secunia.com/advisories/29760
πŸ”— http://vuln.sg/cuteftp820-en.html
πŸ”— http://www.securitytracker.com/id?1020113

Related Vulnerabilities

CVE-2009-34839.3

Heap-based buffer overflow in the Create New Site feature in GlobalSCAPE CuteFTP Professional, Home, and Lite 8.3.3 and 8.3.3.0054...

CVE-2018-253668.4

CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by injecting malicio...

CVE-2003-12607.6

Buffer overflow in CuteFTP 5.0 allows remote attackers to execute arbitrary code via a long response to a LIST command.

CVE-2003-12597.5

Buffer overflow in CuteFTP 4.2 and 5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary...