Published: 14/03/2008 Updated: 11/10/2018

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote malicious users to upload files to arbitrary locations via a destination filename with a \ (backslash) character followed by ../ (dot dot slash) sequences. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4220.

Vulnerable Product	Search on Vulmon	Subscribe to Product
netopia timbuktu pro 8.6.5

Core Security Technologies Advisory - Timbuktu Pro suffers from remote path traversal and log injection vulnerabilities ...

## # $Id: timbuktu_fileuploadrb 11127 2010-11-24 19:35:38Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' c ...

# Core Security Technologies - CoreLabs Advisory # wwwcoresecuritycom/corelabs # Title: Timbuktu Pro Remote Path Traversal and Log Injection # Advisory ID: CORE-2008-0204 # Advisory URL: wwwcoresecuritycom/?action=item&id=2166 # Date published: 2008-03-11 # Date of last update: 2008-03-11 # Vendors contacted: Motorola # Rele ...

#!/usr/bin/perl #ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO # Timbuktu Pro <= 865 Arbitrary File Deletion/Creation # # Bug & Exploit by titon [titon{at}bastardlabs{dot}com] # # Advisory: # labsidefensecom/intelligence/vulnerabilities/displayphp?id=590 # # Copyright: (c)2007 BastardLabs #ooOOooOOooOOooOOooOOooOOooOOooOO ...

CWE-22 http://aluigi.altervista.org/adv/timbuto-adv.txt http://aluigi.org/poc/timbuto.zip http://www.coresecurity.com/?action=item&id=2166 http://www.securityfocus.com/bid/28081 http://secunia.com/advisories/29316 http://securityreason.com/securityalert/3741 http://www.vupen.com/english/advisories/2008/0840 https://www.exploit-db.com/exploits/5238 https://www.exploit-db.com/exploits/4455 http://www.securityfocus.com/archive/1/489414/100/0/threaded http://www.securityfocus.com/archive/1/489382/100/0/threaded http://www.securityfocus.com/archive/1/489360/100/0/threaded https://nvd.nist.gov https://packetstormsecurity.com/files/64510/Core-Security-Technologies-Advisory-2008.0204.html https://www.exploit-db.com/exploits/16339/

CVE-2008-1117

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect