CVE-2011-4800 Information

Description

Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files and list and create arbitrary directories via a ..:/\ (dot dot colon forward slash) in the (1) list (2) put or (3) get commands.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0454.html http://secunia.com/advisories/47021 http://www.exploit-db.com/exploits/18182 http://www.serv-u.com/releasenotes/