Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-0888. PoCs published by Sergey Gordeychik.
AI-analyzed exploit summary This exploit demonstrates a path traversal vulnerability in Kiwi CatTools TFTP server up to version 3.2.8, allowing arbitrary file read/write operations. The PoC shows how to download and upload files using directory traversal sequences in TFTP GET and PUT requests.
Description
Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command.
Exploits (1)
This exploit demonstrates a path traversal vulnerability in Kiwi CatTools TFTP server up to version 3.2.8, allowing arbitrary file read/write operations. The PoC shows how to download and upload files using directory traversal sequences in TFTP GET and PUT requests.