QuickShare File Share FTP Server Directory Traversal Vulnerability Network Vulnerability

Summary

The host is running QuickShare File Share FTP Server and is prone to directory traversal vulnerability.

Impact

Successful exploitation will allow attackers to read arbitrary files on the affected application. Impact Level: Application

Solution

Upgrade to QuickShare File Share version 1.2.2 or later. For updates refer to http://www.quicksharehq.com/

Insight

The flaw is due to an error while handling certain requests containing 'dot dot' sequences (..) and back slashes in URL, which can be exploited to download arbitrary files from the host system via directory traversal attack.

Affected

QuickShare File Share 1.2.1

References

http://packetstormsecurity.org/files/view/98137/quicksharefs-traverse.txt
http://securityreason.com/exploitalert/9927
http://www.exploit-db.com/exploits/16105/

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

Related Vulnerabilities

VicFTPS 'LIST' Command Remote Denial of Service Vulnerability
Ipswitch WS_FTP Professional 'HTTP' Response Format String Vulnerability
ProFTPD Denial of Service Vulnerability
SmartFTP Client Information Disclosure Vulnerability
httpdx Multiple Remote Denial Of Service Vulnerabilities

Take action and discover your vulnerabilities