CVE-2011-3171

NUCLEI

Pureftpd Pure-ftpd < 1.0.22 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors.

Nuclei Templates (1)

Pure-FTPd ≤ 1.0.22 - Directory Traversal

LOWVERIFIEDby pussycat0x

Shodan: product:"pure-ftpd" version:"1.0.14" || cpe:"cpe:2.3:a:pureftpd:pure-ftpd"

References (4)

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00015.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00016.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/49541

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/69686

Scores

EPSS 0.0001

EPSS Percentile 3.3%

Details

CWE

CWE-22

Status published

Products (29)

pureftpd/pure-ftpd 0.90

pureftpd/pure-ftpd 0.91

pureftpd/pure-ftpd 0.92

pureftpd/pure-ftpd 0.93

pureftpd/pure-ftpd 0.94

pureftpd/pure-ftpd 0.95 (5 CPE variants)

pureftpd/pure-ftpd 0.95.1

pureftpd/pure-ftpd 0.95.2

pureftpd/pure-ftpd 0.96 (2 CPE variants)

pureftpd/pure-ftpd 0.96.1

... and 19 more

Published Nov 04, 2011

Tracked Since Feb 18, 2026