CVE-2008-1221

EPSS 3.1%

Absolute path traversal vulnerability in the FTP server in MicroWorld eScan Corporate Edition 9.0.742.98 and eScan Management Console (aka eScan Server) 9.0.742.1 allows remote attackers to read arbitrary files via an absolute pathname in the RETR (get) command.

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/31345unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://aluigi.altervista.org/adv/escaz-adv.txt http://secunia.com/advisories/29246 http://securityreason.com/securityalert/3723 https://exchange.xforce.ibmcloud.com/vulnerabilities/41033 http://www.securityfocus.com/archive/1/489228/100/0/threaded http://www.securityfocus.com/bid/28127