CyberSec.Space Logo
CVEブラウザに戻る

CVE-2008-2779

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0700%
EPSS Percentile6.45th
Published2008年6月19日
Last Modified2026年4月23日

Vulnerability Description

Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Build 02.26.2008.4 and CuteFTP Pro 8.2.0 Build 04.01.2008.1 allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Affected Platforms (CPE)

📦
Globalscape

Cuteftp

= 8.2.0
📦
Globalscape

Cuteftp

= 8.2.0

References & Advisories

🔗 http://secunia.com/advisories/29760
🔗 http://vuln.sg/cuteftp820-en.html
🔗 http://www.securitytracker.com/id?1020113
🔗 http://www.vupen.com/english/advisories/2008/1653/references
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/42633
🔗 http://secunia.com/advisories/29760
🔗 http://vuln.sg/cuteftp820-en.html
🔗 http://www.securitytracker.com/id?1020113

関連する脆弱性情報

CVE-2009-34839.3

Heap-based buffer overflow in the Create New Site feature in GlobalSCAPE CuteFTP Professional, Home, and Lite 8.3.3 and 8.3.3.0054...

CVE-2018-253668.4

CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by injecting malicio...

CVE-2003-12607.6

Buffer overflow in CuteFTP 5.0 allows remote attackers to execute arbitrary code via a long response to a LIST command.

CVE-2003-12597.5

Buffer overflow in CuteFTP 4.2 and 5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary...