This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Downstairs.Dnsalias First view 2009-11-23
Product Home Ftp Server Last view 2009-11-23
Version 1.10.1.139 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:downstairs.dnsalias:home_ftp_server

Activity : Overall

Related : CVE

  Date Alert Description
4 2009-11-23 CVE-2009-4053

Multiple directory traversal vulnerabilities in Home FTP Server 1.10.1.139 allow remote authenticated users to (1) create arbitrary directories via directory traversal sequences in an MKD command or (2) create files with any contents in arbitrary directories via directory traversal sequences in a file upload request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

5 2009-11-23 CVE-2009-4051

Home FTP Server 1.10.1.139 allows remote attackers to cause a denial of service (daemon outage) via multiple invalid SITE INDEX commands.

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
50% (1) CWE-20 Improper Input Validation

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-23 File System Function Injection, Content Based
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-76 Manipulating Input to File System Calls
CAPEC-78 Using Escaped Slashes in Alternate Encoding
CAPEC-79 Using Slashes in Alternate Encoding
CAPEC-139 Relative Path Traversal

Open Source Vulnerability Database (OSVDB)

id Description
60450 Home FTP Server Upload Request Traversal Arbitrary File Creation
60449 Home FTP Server MKD Command Traversal Arbitrary Directory Creation
60448 Home FTP Server SITE INDEX Command Handling Remote DoS

OpenVAS Exploits

id Description
2009-12-08 Name : iWeb Server URL Directory Traversal Vulnerability
File : nvt/iWeb_37228.nasl
2009-11-30 Name : Home FTp Server DOS And Multiple Directory Traversal Vulnerabilities
File : nvt/secpod_home_ftp_server_dir_trav_n_dos_vuln.nasl
2009-11-18 Name : Home FTP Server 'SITE INDEX' Command Remote Denial of Service Vulnerability
File : nvt/home_ftp_server_37033.nasl