CVE-2010-4153

CrossFTP Pro < 1.65a - Path Traversal and Arbitrary File Write via FTP Filename

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in CrossFTP Pro 1.65a, and probably earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/44070
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/41852
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/68700
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/62549

Scores

EPSS 0.0142
EPSS Percentile 69.6%

Details

CWE
CWE-22
Status published
Products (34)
crossftp/crossftp_pro 1.14
crossftp/crossftp_pro 1.15
crossftp/crossftp_pro 1.16
crossftp/crossftp_pro 1.17
crossftp/crossftp_pro 1.18
crossftp/crossftp_pro 1.19
crossftp/crossftp_pro 1.20
crossftp/crossftp_pro 1.21
crossftp/crossftp_pro 1.22
crossftp/crossftp_pro 1.23
... and 24 more
Published Nov 03, 2010
Tracked Since Feb 18, 2026