Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-3171Path Traversal in Pure-ftpd

CWE-22Path Traversal4 documents4 sources
Severity
3.6LOWNVD
EPSS
0.0%
top 96.83%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Pureftpd Pure-ftpd
Timeline
PublishedNov 4
Latest updateMay 17

Description

Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors.

CVSS vector

AV:L/AC:L/C:N/I:P/A:PExploitability: 3.9 | Impact: 4.9

Affected Packages1 packages

NVDpureftpd/pure-ftpd1.0.22+55

🔴Vulnerability Details

2
GHSA
GHSA-r9x3-69v2-2pq2: Directory traversal vulnerability in pure-FTPd 12022-05-17
CVEList
CVE-2011-3171: Directory traversal vulnerability in pure-FTPd 12011-11-04

💥Exploits & PoCs

1
Nuclei
Pure-FTPd ≤ 1.0.22 - Directory Traversal
CVE-2011-3171 — Path Traversal in Pureftpd Pure-ftpd | cvebase