Summary
The host is running QuickShare File Share FTP Server, which is prone to a directory traversal vulnerability.
Impact
Successful exploitation will allow attackers to read arbitrary files on the affected application.
Impact Level: Application
Solution
Upgrade to QuickShare File Share version 1.2.2 or later.
For updates refer to http://www.quicksharehq.com/
Insight
The flaw is due to an error in handling requests that contain 'dot dot' sequences (..) and backslashes in the URL. It can be exploited to download arbitrary files from the host system via a directory traversal attack.
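The class of flaw described above, shown as an added example that is not part of the original advisory and is not QuickShare's code: a hypothetical filter that only looks for forward-slash traversal, next to a resolver that folds backslashes into separators before confining the path to the FTP root. The function names, the root `C:/ftproot` and the sample argument are all constructed for illustration.

```python
import ntpath
import posixpath


class TraversalError(ValueError):
    """A client-supplied path would leave the FTP root."""


def naive_resolve(root, cwd, arg):
    # Hypothetical weak filter: only forward-slash traversal is rejected.
    if "../" in arg:
        raise TraversalError(arg)
    return posixpath.join(root, cwd.lstrip("/"), arg)


def safe_resolve(root, cwd, arg):
    """Map an FTP path argument onto a path confined to root."""
    if "\x00" in arg:
        raise TraversalError("NUL byte in path")
    # Windows accepts both separators, so fold backslashes first.
    arg = arg.replace("\\", "/")
    virtual = arg if arg.startswith("/") else posixpath.join(cwd, arg)
    parts = []
    for part in virtual.split("/"):
        if part in ("", "."):
            continue
        if ":" in part:  # drive letters and NTFS stream names
            raise TraversalError("colon in path component")
        if part == "..":
            if not parts:  # would climb above the virtual root
                raise TraversalError("path escapes FTP root")
            parts.pop()
        else:
            parts.append(part)
    return posixpath.join(root, *parts)


def leaves_root(root, path):
    """True if Windows path rules place `path` outside `root`."""
    real = ntpath.normpath(path).lower()
    base = ntpath.normpath(root).lower()
    return real != base and not real.startswith(base + "\\")


if __name__ == "__main__":
    ROOT, CWD = "C:/ftproot", "/pub"   # constructed sample values
    ARG = "..\\..\\secret.txt"         # constructed path argument
    print(leaves_root(ROOT, naive_resolve(ROOT, CWD, ARG)))
    try:
        safe_resolve(ROOT, CWD, ARG)
    except TraversalError as exc:
        print("rejected:", exc)
```

The confinement check works on path components after separator folding, so a `..` that stays inside the root is still allowed while one that climbs above it is refused.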
Affected
QuickShare File Share 1.2.1
References
Severity
Classification
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N
Related Vulnerabilities
- WS_FTP Server Manager Security Bypass Vulnerability
- Home FTP Server Multiple Directory Traversal Vulnerabilities
- XM Easy Personal FTP Server Multiple Command Remote Buffer Overflow Vulnerabilities
- SurgeFTP 'surgeftpmgr.cgi' Multiple Cross Site Scripting Vulnerabilities
- Buffy 'comb' Command Directory Traversal Vulnerability