CVEs-PoC/2020/CVE-2020-20277.md at dc6e2cf7158eeb24cfecb4d64f4f1da9a8a732e2

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-06-03 00:28:04 +02:00

Files

T

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server versions 2.7 to 2.10 due to improper implementation of a chroot jail in common.c's compose_abspath function that can be abused to read or write to arbitrary files on the filesystem, leak process memory, or potentially lead to remote code execution.

POC

Reference

http://packetstormsecurity.com/files/167908/uftpd-2.10-Directory-Traversal.html
https://arinerron.com/blog/posts/6

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/Live-Hack-CVE/CVE-2020-20277

960 B Raw Blame History

CVE-2020-20277

Description

POC

Reference

Github

960 B

Raw Blame History