Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.1
CVE Id CVE-2008-6534
Last Modified 27 Mar 2009 12:00:00
Published 26 Mar 2009 05:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication SINGLE_INSTANCE

CVE-2008-6534

Summary

Incomplete blacklist vulnerability in NULL FTP Server Free and Pro 1.1.0.7 allows remote authenticated users to execute arbitrary commands via a custom SITE command containing shell metacharacters such as "&" (ampersand) in the middle of an argument.

Vulnerable Systems

Application

  • Vwsolutions Null Ftp 1.1.0.7


References

XF - nullftpserver-site-command-execution(47099)

CONFIRM - http://www.vwsolutions.com/knowledgeBase/releaseNotes.aspx?productId=14

VUPEN - ADV-2008-3367

BID - 32656

OSVDB - 50486

MILW0RM - 7355

MISC - http://vuln.sg/nullftpserver1107-en.html

SECUNIA - 32999


Last Updated: 27 May 2016 10:49:14