CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2007-0888

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0780%
EPSS Percentile20.00th
Published2007年2月12日
Last Modified2026年4月23日

Vulnerability Description

Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command.

Affected Platforms (CPE)

📦
Kiwi Enterprises

Kiwi Cattools

All versions

References & Advisories

🔗 http://secunia.com/advisories/24103
🔗 http://securityreason.com/securityalert/2236
🔗 http://www.kiwisyslog.com/kb/idx/5/178/article/
🔗 http://www.osvdb.org/33162
🔗 http://www.securityfocus.com/archive/1/459500/100/0/threaded
🔗 http://www.securityfocus.com/archive/1/459933/100/0/threaded
🔗 http://www.securityfocus.com/bid/22490
🔗 http://www.vupen.com/english/advisories/2007/0536

相關漏洞威脅

CVE-2021-352306.7

As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gai...

CVE-2007-08894.6

Kiwi CatTools before 3.2.0 beta uses weak encryption ("reversible encoding") for passwords, account names, and IP addresses in kiw...

CVE-2007-049610.0

PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to ex...

CVE-2007-195910.0

Unspecified vulnerability in the process_cmdent function in command.cpp in TinyMUX before 2.4 has unknown impact and attack vector...