CVE-2010-2426

Southrivertech Titan FTP Server < 8.10.1125 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read arbitrary files, determine file size, via "..//" sequences in the xcrc command.

Exploits (1)

metasploit WORKING POC

by jduck · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/ftp/titanftp_xcrc_traversal.rb

View Code ZIP pw:eip

References (5)

[Vendor Advisory] http://secunia.com/advisories/40237

[Exploit] http://www.securityfocus.com/bid/40949

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/59492

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/511839/100/0/threaded

[Third Party Advisory, VDB Entry] http://osvdb.org/65533

Scores

EPSS 0.3024

EPSS Percentile 96.7%

Details

CWE

CWE-22

Status published

Products (50)

southrivertech/titan_ftp_server 1.0.17

southrivertech/titan_ftp_server 1.0.18

southrivertech/titan_ftp_server 1.0.19

southrivertech/titan_ftp_server 1.0.20

southrivertech/titan_ftp_server 1.0.21

southrivertech/titan_ftp_server 1.0.22

southrivertech/titan_ftp_server 1.0.23

southrivertech/titan_ftp_server 1.0.24

southrivertech/titan_ftp_server 1.0.25

southrivertech/titan_ftp_server 1.0.26

... and 40 more

Published Jun 24, 2010

Tracked Since Feb 18, 2026