CVE-2014-1841
Published 2014-04-29
Priority P339 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 4.85% (90.9th percentile)
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| southrivertech | titan_ftp_server | <= 10.40 | — |
| southrivertech | titan_ftp_server | — | — |
| southrivertech | titan_ftp_server | — | — |
| southrivertech | titan_ftp_server | — | — |
No detection rules found.
Exploit-DB
Titan FTP Server 10.32 Build 1816 - Directory Traversal
exploitdb·2014-02-11·CVSS 5.0
CVE-2014-1843 [MEDIUM] Titan FTP Server 10.32 Build 1816 - Directory Traversal
---
"Titan FTP Server Directory Traversal Vulnerabilities"
- Affected Vendor: South River Technologies
- Affected System: Titan FTP Server software (Version 10.32 Build 1816)
- Vendor Disclosure Date: January 27th, 2014
- Public Disclosure Date: February 10th, 2014
- Vulnerabilities' Status: Fixed
Associated CVEs:
1) CVE-2014-1841:
It is possible to copy the complete home folder of another user by leveraging a vulnerability on the Titan FTP Server Web Interface.
2) CVE-2014-1842:
It is possible to obtain the complete list of existing users by writing "/../" on the search bar.
3) CVE-2014-1843:
It is possible to observe the "Properties" for an existing user home folder.
This also allows for enumeration of existing users on the
Nuclei
Titan FTP Server < 10.40 Move Function - Directory Traversal
nuclei·CVSS 5.0
CVE-2014-1841 [MEDIUM] Titan FTP Server < 10.40 Move Function - Directory Traversal
Titan FTP Server versions prior to 10.40 build 1829 contain a directory traversal vulnerability in the Move function. Remote attackers can copy the complete home folder of another user by exploiting the ../ path traversal in the search-bar value, allowing unauthorized access to sensitive user data.
Template:
```yaml
id: CVE-2014-1841
info:
  name: Titan FTP Server < 10.40 Move Function - Directory Traversal
  author: pussycat0x
  severity: medium
  description: |
    Titan FTP Server versions prior to 10.40 build 1829 contain a directory traversal vulnerability in the Move function. Remote attackers can copy the complete home folder of another user by exploiting the ../ path traversal in the search-bar value, allowing unauthorized access to sens
```
No writeups or analysis indexed.
References:
- http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html
- http://www.exploit-db.com/exploits/31579
- http://www.osvdb.org/103195
- http://www.securityfocus.com/bid/65462
Published: 2014-04-29