CVE-2008-2635

BitKinex 2.9.3 - Path Traversal and Arbitrary File Write via FTP LIST and WebDAV PROPFIND Responses

Title source: llm
STIX 2.1

Description

Multiple directory traversal vulnerabilities in BitKinex 2.9.3 allow remote FTP and WebDAV servers to create or overwrite arbitrary files via a .. (dot dot) in (1) a response to a LIST command from the BitKinex FTP client and (2) a response to a PROPFIND command from the BitKinex WebDAV client. NOTE: this can be leveraged for code execution by writing to a Startup folder.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42842
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30532
Various Sources x_refsource_misc
http://vuln.sg/bitkinex293-en.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1738/references

Scores

EPSS 0.0224
EPSS Percentile 80.7%

Details

CWE
CWE-22
Status published
Products (1)
barad_dur/bitkinex 2.9.3
Published Jun 10, 2008
Tracked Since Feb 18, 2026