The Hyperion FTP Server for Windows 95/98/NT/2000 has a vulnerability which allows remote attackers to traverse through directories of a target host. Versions tested against that are vulnerable are Hyperion Ftp Server v2.8.1 / Windows 2000 sp3 and Hyperion Ftp Server v2.8.1 / Windows 98 SE.
f2e3dc440c3dc9d6c71656d2e0914613fa308ff83b4f72614aed8ac43457c54e-----BEGIN PGP SIGNED MESSAGE-----
Hash: MD5
- --[ Hyperion Ftp Server v2.8.1 Directory Traversal Vulnerability ]--
- --[ Type
Directory Traversal
- --[ Release Date
November 12, 2002
- --[ Product / Vendor
Hyperion FTP Server is a powerful, reliable FTP server for Windows 95/98/NT/2000,
and supports all basic FTP commands, and much more, such as passive mode.
https://www.mollensoft.com
- --[ Summary
A vulnerability exists in Hyperion Ftp Server which allows a remote user to
traverse the directories of a target host. This may lead to the disclosure of
file and directory contents. Arbitrary directories can be accessed through the
use of double dot '../' techniques when using the 'ls' command.
- --[ Tested
Hyperion Ftp Server v2.8.1 / Windows 2000 sp3
Hyperion Ftp Server v2.8.1 / Windows 98 SE
- --[ Vulnerable
Hyperion Ftp Server v2.8.1 / Windows 2000 sp3
Hyperion Ftp Server v2.8.1 / Windows 98 SE
- --[ Disclaimer
https://www.securityoffice.net is not responsible for the misuse or illegal
use of any of the information and/or the software listed on this security advisory.
- --[ Author
Tamer Sahin
ts@securityoffice.net
https://www.securityoffice.net
All our advisories can be viewed at https://www.securityoffice.net/articles/
Please send suggestions, updates, and comments to feedback@securityoffice.net
(c) 2002 SecurityOffice
This Security Advisory may be reproduced and distributed, provided that this Security
Advisory is not modified in any way and is attributed to SecurityOffice and provided
that such reproduction and distribution is performed for non-commercial purposes.
Tamer Sahin
https://www.securityoffice.net
-----BEGIN PGP SIGNATURE-----
Version: 2.6
iQEVAwUAPdElEPpL5ibJRTtBAQEyXwf7BywUZz1Ls8HWrNkos35NaErorXA6Geiy
+Ii9NakLjG+ITR86h8FcEnNmjtUpjdGFPqLbDJq7UdpAA/llIBGB5HmURariY8Mf
7aoREOANHy0ShUzwxBvR6OgsaxQ2mpinY15mgyWKwAoq6oUdiOttTTCNYLeZ9sup
Hmf+QWfqWwtUsVxSAqtHGrp7+9QH0aPO8VVsKzE1UrjwMxCBpgv+99u78ESgkWaM
CqwmmTzjPk0x1rzZrDafrQZO34Ts3+72cuM3wV2MDfdQNOO9RC6Hv7MimLZXn+M3
QI0ToqYmHQfctBOG6Bk5cshG5yz7JqFjz8bCI6f1vdoI3PRHR3Kiig==
=pmk3
-----END PGP SIGNATURE-----
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed