A directory traversal vulnerability exists in several FTP commands of TwinFTP that may be exploited by a malicious user to access files outside the FTP directory. The problem lies with the incorrect filtering of directory name supplied to CWD, STOR and RETR commands. Versions tested: TwinFTP Server Standard 1.0.3 R2 (Win32) on English WinXP SP1, TwinFTP Server Enterprise 1.0.3 R2 (Win32) on English Win2K SP2.
↧