Description
Directory traversal vulnerability in Digicraft Yak! server 2.0 through 2.1.2 allows remote attackers to read or write arbitrary files via "../" or "..\" sequences in commands such as (1) dir or (2) put.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Luigi Auriemma · textdoswindows
https://www.exploit-db.com/exploits/24684
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17740
Mailing List mailing-list
x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=109788315103778&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1011708
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/12849
Exploit x_refsource_misc
http://aluigi.altervista.org/adv/yak-adv.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/10763
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/11433
Exploit mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/378533
Scores
EPSS
0.0788
EPSS Percentile
92.1%
Details
Status
published
Products (6)
digicraft_software/yak
2.0
digicraft_software/yak
2.0.1
digicraft_software/yak
2.0.2
digicraft_software/yak
2.1.0
digicraft_software/yak
2.1.1
digicraft_software/yak
2.1.2
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026