Test ID:	1.3.6.1.4.1.25623.1.0.801535
Category:	FTP
Title:	FreshWebMaster Fresh FTP Filename Directory Traversal Vulnerability
Summary:	Fresh FTP Client is prone to a directory traversal vulnerability.
Description:	Summary: Fresh FTP Client is prone to a directory traversal vulnerability. Vulnerability Insight: The flaw is due to an input validation error when downloading directories containing files with directory traversal specifiers in the filename. Vulnerability Impact: Successful exploitation will allow attackers to download files to an arbitrary location on a user's system. Affected Software/OS: FreshWebMaster Fresh FTP version 5.37 and prior Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4149 BugTraq ID: 44072 http://www.securityfocus.com/bid/44072 Bugtraq: 20101013 Directory Traversal Vulnerability in FreshFTP (Google Search) http://www.securityfocus.com/archive/1/514259/100/0/threaded http://packetstormsecurity.org/1010-exploits/freshftp-traversal.txt http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_freshftp.html http://www.osvdb.org/68667 http://secunia.com/advisories/41798 XForce ISS Database: freshftp-ftp-dir-traversal(62555) https://exchange.xforce.ibmcloud.com/vulnerabilities/62555
Copyright	Copyright (C) 2010 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.