CVE-2010-2695 Information

Description

Directory traversal vulnerability in the SFTP/SSH2 virtual server in Xlight FTP Server 3.5.0, 3.5.5, and possibly other versions before 3.6 allows remote authenticated users to read, overwrite, or delete arbitrary files via .. (dot dot) sequences in the (1) ls, (2) rm, (3) rename, and other unspecified commands.

Reference

http://osvdb.org/66037
http://secunia.com/advisories/40473
http://www.securityfocus.com/archive/1/512192/100/0/threaded
http://www.xlightftpd.com/whatsnew.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/60151
