PlatinumFTPServer 1.0.6 - Arbitrary File Deletion

Author: Dennis Rand
type: remote
platform: windows
port: 
date_added: 2002-12-30  
date_updated: 2012-10-20  
verified: 1  
codes:   
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 22113.txt  
source: https://www.securityfocus.com/bid/6493/info

It has been reported that PlatinumFTPserver fails to properly sanitize some FTP commands. By sending a malicious request to the vulnerable server, using directory traversal sequences, it is possible for a remote attacker to delete sensitive resources located outside of the FTP root.

Deleting arbitrary files may render the system unusable. Other scenarios are also possible.

delete ..\..\..\..\boot.ini