CVE-2008-5692
CVE-2008-5692
Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/31117unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://aluigi.altervista.org/adv/wsftpweblog-adv.txthttp://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12http://secunia.com/advisories/28822http://securityreason.com/securityalert/4799http://www.securityfocus.com/archive/1/487686/100/200/threadedhttp://www.securityfocus.com/archive/1/487697/100/200/threadedhttp://www.securityfocus.com/bid/27654http://www.vupen.com/english/advisories/2008/0473