CVE Reference: CVE-2008-1117

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-1117
Description: Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote attackers to upload files to arbitrary locations via a destination filename with a \ (backslash) character followed by ../ (dot dot slash) sequences. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4220.

CVE Status: Candidate
References:
SREASON
  http://securityreason.com/securityalert/3741
SAID
  Secunia Advisory: SA29316
MISC
  http://aluigi.org/poc/timbuto.zip
  http://aluigi.altervista.org/adv/timbuto-adv.txt
  http://www.coresecurity.com/?action=item&id=2166
MILW0RM
  http://www.milw0rm.com/exploits/5238
  http://www.milw0rm.com/exploits/4455
BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/489382/100/0/threaded
  http://www.securityfocus.com/archive/1/archive/1/489414/100/0/threaded
  http://www.securityfocus.com/archive/1/archive/1/489360/100/0/threaded
BID
  28081