A CompleteFTP path traversal bug made it possible for attackers to remove server files.
Security issue fixed in version 22.1.1 of file transfer software.
A security vulnerability in file transfer software CompleteFTP allowed unauthenticated attackers to delete arbitrary files on affected installations.
Developed by EnterpriseDT of Australia, CompleteFTP is a proprietary FTP and SFTP server for Windows that supports FTPS, SFTP, and HTTPS.
A security researcher with the handle rgod discovered a flaw in the HttpFile class that results from the lack of proper validation of a user-supplied path prior to using it in file operations.
“This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP server,” a security advisory explains.
“An attacker can leverage this vulnerability to delete files in the context of SYSTEM.”
The issue was assigned CVE-2022-2560 and was fixed in CompleteFTP version 22.1.1.
This release also includes other security enhancements: support for the SHA-2 cryptographic hash function for RSA signatures and for a new format for PuTTY private keys.
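The advisory attributes the bug to a user-supplied path reaching file operations without proper validation. The Python sketch below is an added example, not CompleteFTP's own code or its fix: it canonicalises a requested path and refuses to delete anything that resolves outside the served root. The function names, directory layout and sample requests are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


class PathRejected(Exception):
    """Raised when a requested path must not be mapped into the served root."""


def resolve_inside(root: Path, user_path: str) -> Path:
    """Map a client-supplied path to a location under root, or raise PathRejected."""
    # Treat both separators as separators: on a Windows server '\\' traverses too.
    parts = [p for p in user_path.replace("\\", "/").split("/") if p not in ("", ".")]
    # ':' is refused conservatively (drive letters, NTFS alternate data streams).
    if "\x00" in user_path or any(p == ".." or ":" in p for p in parts):
        raise PathRejected("NUL byte, parent reference or drive/stream specifier")
    root_real = Path(os.path.realpath(root))
    candidate = Path(os.path.realpath(root_real.joinpath(*parts)))
    # Containment is checked on the canonical form, after symlinks are resolved.
    if os.path.commonpath([root_real, candidate]) != str(root_real):
        raise PathRejected("resolves outside root")
    return candidate


def delete_upload(root: Path, user_path: str) -> bool:
    """Delete a file only if it canonicalises to a regular file under root."""
    try:
        target = resolve_inside(root, user_path)
    except PathRejected:
        return False
    if not target.is_file():
        return False
    target.unlink()
    return True


def demo() -> dict:
    """Run constructed requests against a throwaway directory tree."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "site"
        root.mkdir()
        (root / "report.txt").write_text("inside")
        outside = Path(tmp) / "service.conf"  # stands in for a file outside the root
        outside.write_text("outside")
        requests = ["report.txt", "../service.conf", "..\\service.conf",
                    "sub/../../service.conf", str(outside)]
        results = {r: delete_upload(root, r) for r in requests}
        results["outside_survived"] = outside.exists()
        return results
```

Only the first constructed request is honoured; the absolute path in the last request is re-rooted under the served directory (or refused for its drive letter on Windows), so the file outside the root is left in place.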