CVE-2001-0933
Published: 2001-11-28
Priority: P4 30 | Severity: high | CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 4.40% (90.1th percentile)
Cooolsoft PowerFTP Server 2.03 allows remote attackers to list the contents of arbitrary drives via a ls (LIST) command that includes the drive letter as an argument, e.g. "ls C:".
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cooolsoft | powerftp | — | — |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
CWE-36: Absolute Path Traversal (mitre_cwe)
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.
This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity, Confidentiality, Availability. Impact: Execute Unauthorized Code or Commands. The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries.
Scope: Integrity. Impact: Modify Files or Directories. The attacker may be able to overwrite or create
CWE-39: Path Traversal: 'C:dirname' (mitre_cwe)
The product accepts input that contains a drive letter or Windows volume letter ('C:dirname') that potentially redirects access to an unintended location or arbitrary file.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity, Confidentiality, Availability. Impact: Execute Unauthorized Code or Commands. The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries.
Scope: Integrity. Impact: Modify Files or Directories. The attacker may be able to overwrite or create critical files, such as programs, libraries, or important data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, appending