CVE-2015-7602

BisonWare BisonFTP <3.5 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in a RETR command.

Exploits (2)

exploitdb WORKING POC
by Jay Turla · python, remote, windows
https://www.exploit-db.com/exploits/38341

metasploit WORKING POC
by Jay Turla, James Fitts · ruby, poc, win
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/ftp/bison_ftp_traversal.rb

Scores

EPSS 0.5258
EPSS Percentile 97.9%

Classification

CWE
CWE-22
Status draft

Affected Products (1)

bisonware/bisonftp

Timeline

Published Sep 29, 2015
Tracked Since Feb 18, 2026