CVE-2011-3171
NUCLEIpure-ftpd < 1.0.22 - Local Path Traversal and Arbitrary File Overwrite
Title source: llmExploitation Summary
CVE-2011-3171 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors.
Nuclei Templates (1)
Pure-FTPd ≤ 1.0.22 - Directory Traversal
LOWVERIFIEDby pussycat0x
Shodan:
product:"pure-ftpd" version:"1.0.14" || cpe:"cpe:2.3:a:pureftpd:pure-ftpd"
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/49541
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00015.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/69686
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00016.html
Scores
EPSS
0.0001
EPSS Percentile
1.6%
Details
CWE
CWE-22
Status
published
Products (29)
pureftpd/pure-ftpd
0.90
pureftpd/pure-ftpd
0.91
pureftpd/pure-ftpd
0.92
pureftpd/pure-ftpd
0.93
pureftpd/pure-ftpd
0.94
pureftpd/pure-ftpd
0.95 (5 CPE variants)
pureftpd/pure-ftpd
0.95.1
pureftpd/pure-ftpd
0.95.2
pureftpd/pure-ftpd
0.96 (2 CPE variants)
pureftpd/pure-ftpd
0.96.1
... and 19 more
Published
Nov 04, 2011
Tracked Since
Feb 18, 2026