CVE-2010-2426

Titan FTP Server < 8.10.1125 - Authenticated Path Traversal via XCRC Command

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2426. PoCs published by jduck, including Metasploit module auxiliary/scanner/ftp/titanftp_xcrc_traversal.

AI-analyzed exploit summary This Metasploit module exploits a directory traversal vulnerability in Titan FTP's XCRC command to disclose file contents via CRC brute-forcing. It iteratively retrieves bytes by comparing CRC values to reconstruct the target file.

Description

Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read arbitrary files, determine file size, via "..//" sequences in the xcrc command.

Exploits (1)

metasploit WORKING POC
by jduck · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/ftp/titanftp_xcrc_traversal.rb

This Metasploit module exploits a directory traversal vulnerability in Titan FTP's XCRC command to disclose file contents via CRC brute-forcing. It iteratively retrieves bytes by comparing CRC values to reconstruct the target file.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Titan FTP up to and including 8.10.1125
Auth required
Prerequisites: FTP server access · Valid credentials · Target file on the same drive as FTP root
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/65533
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40237
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/511839/100/0/threaded
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/40949
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/59492

Scores

EPSS 0.1226
EPSS Percentile 95.7%

Details

CWE
CWE-22
Status published
Products (50)
southrivertech/titan_ftp_server 1.0.17
southrivertech/titan_ftp_server 1.0.18
southrivertech/titan_ftp_server 1.0.19
southrivertech/titan_ftp_server 1.0.20
southrivertech/titan_ftp_server 1.0.21
southrivertech/titan_ftp_server 1.0.22
southrivertech/titan_ftp_server 1.0.23
southrivertech/titan_ftp_server 1.0.24
southrivertech/titan_ftp_server 1.0.25
southrivertech/titan_ftp_server 1.0.26
... and 40 more
Published Jun 24, 2010
Tracked Since Feb 18, 2026