CVE-2008-2635
BitKinex 2.9.3 - Path Traversal and Arbitrary File Write via FTP LIST and WebDAV PROPFIND Responses
Title source: llmDescription
Multiple directory traversal vulnerabilities in BitKinex 2.9.3 allow remote FTP and WebDAV servers to create or overwrite arbitrary files via a .. (dot dot) in (1) a response to a LIST command from the BitKinex FTP client and (2) a response to a PROPFIND command from the BitKinex WebDAV client. NOTE: this can be leveraged for code execution by writing to a Startup folder.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42842
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30532
Various Sources x_refsource_misc
http://vuln.sg/bitkinex293-en.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1738/references
Scores
EPSS
0.0224
EPSS Percentile
80.7%
Details
CWE
CWE-22
Status
published
Products (1)
barad_dur/bitkinex
2.9.3
Published
Jun 10, 2008
Tracked Since
Feb 18, 2026