CVE-2014-1843 Information

Description

Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html http://www.exploit-db.com/exploits/31579 http://www.osvdb.org/103197 http://www.securityfocus.com/bid/65469