CVE-2010-2695
published 2010-07-12

Priority: P4 31
CVSS 2.0: 6.5 (medium), vector AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS: 1.88% (76.8th percentile)
Directory traversal vulnerability in the SFTP/SSH2 virtual server in Xlight FTP Server 3.5.0, 3.5.5, and possibly other versions before 3.6 allows remote authenticated users to read, overwrite, or delete arbitrary files via .. (dot dot) sequences in the (1) ls, (2) rm, (3) rename, and other unspecified commands.

Affected

2 ranges
Vendor | Product | Version range | Fixed in
xlightftpd | xlight_ftp_server | |
xlightftpd | xlight_ftp_server | |