WFTPD and WFTPD Pro 2.41 RC12 allows remote malicious users to obtain the full pathname of the server via a "%C" command, which generates an error message that includes the pathname.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
texas imperial software wftpd 2.34 |
||
texas imperial software wftpd 2.4.1 |
||
texas imperial software wftpd 2.40 |
||
texas imperial software wftpd pro 2.41_rc12 |
||
texas imperial software wftpd 2.4.1_rc11 |
||
texas imperial software wftpd 2.4.1_rc12 |