Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnwatch: [SecurityOffice] Hyperion Ftp Server v2.8.1 Directory Traversal Vulnerability

[SecurityOffice] Hyperion Ftp Server v2.8.1 Directory Traversal Vulnerability

From: Tamer Sahin <ts_at_securityoffice.net>
Date: Tue, 12 Nov 2002 17:58:06 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: MD5

- --[ Hyperion Ftp Server v2.8.1 Directory Traversal Vulnerability ]--

- --[ Type

Directory Traversal

- --[ Release Date

November 12, 2002

- --[ Product / Vendor

Hyperion FTP Server is a powerful, reliable FTP server for Windows 95/98/NT/2000,
and supports all basic FTP commands, and much more, such as passive mode.

http://www.mollensoft.com

- --[ Summary

A vulnerability exists in Hyperion Ftp Server which allows a remote user to
traverse the directories of a target host. This may lead to the disclosure of
file and directory contents. Arbitrary directories can be accessed through the
use of double dot '../' techniques when using the 'ls' command.

- --[ Tested

Hyperion Ftp Server v2.8.1 / Windows 2000 sp3
Hyperion Ftp Server v2.8.1 / Windows 98 SE

- --[ Vulnerable

Hyperion Ftp Server v2.8.1 / Windows 2000 sp3
Hyperion Ftp Server v2.8.1 / Windows 98 SE

- --[ Disclaimer

http://www.securityoffice.net is not responsible for the misuse or illegal
use of any of the information and/or the software listed on this security advisory.

- --[ Author

Tamer Sahin
ts_at_securityoffice.net
http://www.securityoffice.net

All our advisories can be viewed at http://www.securityoffice.net/articles/

Please send suggestions, updates, and comments to feedback_at_securityoffice.net

(c) 2002 SecurityOffice

This Security Advisory may be reproduced and distributed, provided that this Security
Advisory is not modified in any way and is attributed to SecurityOffice and provided
that such reproduction and distribution is performed for non-commercial purposes.

Tamer Sahin
http://www.securityoffice.net

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQEVAwUAPdElEPpL5ibJRTtBAQEyXwf7BywUZz1Ls8HWrNkos35NaErorXA6Geiy
+Ii9NakLjG+ITR86h8FcEnNmjtUpjdGFPqLbDJq7UdpAA/llIBGB5HmURariY8Mf
7aoREOANHy0ShUzwxBvR6OgsaxQ2mpinY15mgyWKwAoq6oUdiOttTTCNYLeZ9sup
Hmf+QWfqWwtUsVxSAqtHGrp7+9QH0aPO8VVsKzE1UrjwMxCBpgv+99u78ESgkWaM
CqwmmTzjPk0x1rzZrDafrQZO34Ts3+72cuM3wV2MDfdQNOO9RC6Hv7MimLZXn+M3
QI0ToqYmHQfctBOG6Bk5cshG5yz7JqFjz8bCI6f1vdoI3PRHR3Kiig==
=pmk3
-----END PGP SIGNATURE-----
Received on Nov 12 2002

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos