CVE-2010-4153
CrossFTP Pro < 1.65a - Path Traversal and Arbitrary File Write via FTP Filename
Title source: llmDescription
Directory traversal vulnerability in CrossFTP Pro 1.65a, and probably earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/44070
Vendor Advisory x_refsource_misc
http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_crossftp_pro.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/41852
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/68700
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/62549
Scores
EPSS
0.0142
EPSS Percentile
69.6%
Details
CWE
CWE-22
Status
published
Products (34)
crossftp/crossftp_pro
1.14
crossftp/crossftp_pro
1.15
crossftp/crossftp_pro
1.16
crossftp/crossftp_pro
1.17
crossftp/crossftp_pro
1.18
crossftp/crossftp_pro
1.19
crossftp/crossftp_pro
1.20
crossftp/crossftp_pro
1.21
crossftp/crossftp_pro
1.22
crossftp/crossftp_pro
1.23
... and 24 more
Published
Nov 03, 2010
Tracked Since
Feb 18, 2026