PlatinumFTPServer 1.0.6 - Arbitrary File Deletion
Author: Dennis Rand type: remote platform: windows port: date_added: 2002-12-30 date_updated: 2012-10-20 verified: 1 codes: tags: aliases: screenshot_url: application_url: raw file: 22113.txt
source: https://www.securityfocus.com/bid/6493/info It has been reported that PlatinumFTPserver fails to properly sanitize some FTP commands. By sending a malicious request to the vulnerable server, using directory traversal sequences, it is possible for a remote attacker to delete sensitive resources located outside of the FTP root. Deleting arbitrary files may render the system unusable. Other scenarios are also possible. delete ..\..\..\..\boot.ini