Cyber Security

CompleteFTP path traversal flaw allowed attackers to delete server files

Published

August 2, 2022

A security vulnerability in file transfer software CompleteFTP allowed unauthenticated attackers to delete arbitrary files on affected installations.

Developed by EnterpriseDT of Australia, CompleteFTP is a proprietary FTP and SFTP server for Windows that supports FTPS, SFTP, and HTTPS.

A security researcher with the handle rgod discovered a flaw in the HttpFile class that results from the lack of proper validation of a user-supplied path prior to using it in file operations.

“This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP server,” a security advisory explains.

“An attacker can leverage this vulnerability to delete files in the context of SYSTEM.”

The issue was assigned CVE-2022-2560 and was fixed in CompleteFTP version 22.1.1.

This release includes other security enhancements in the form of SHA-2 cryptographic hash function for RSA signatures and a new format for PuTTY private keys.

The Daily Swig has approached EnterpriseDT for comment.

Source: https://portswigger.net/daily-swig/completeftp-path-traversal-flaw-allowed-attackers-to-delete-server-files

In this article:Enterprise, Secure Development, Vulnerabilities

Click to comment

Cyber Security

Google Workspace: New account security, DLP capabilities announced

New capabilities in Google Workspace will help enterprises improve account and data security, by making unauthorized takeover of admin and user accounts and exfiltration...

hardnews1August 27, 2023

Cyber Security

CISA warns govt agencies to patch Adobe ColdFusion servers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given federal agencies three weeks to secure Adobe ColdFusion servers on their networks against two...

hardnews1July 23, 2023

Cyber Security

What is Dynamic Application Security Testing (DAST) ?

Businesses and developers are focusing more on the security of applications in their digital environment as cyber threats and data breaches continue escalating. The...

hardnews1July 22, 2023

Cyber Security

HCL BigFix WebUI Flaw Redirect users to External Site

HCL BigFix is an endpoint management platform that has the capability to automate discovery, management, and remediation. It can find and fix vulnerabilities on...

hardnews1July 19, 2023

Hard News Hard Hitting News Source Global Political News

Cyber Security

CompleteFTP path traversal flaw allowed attackers to delete server files

Leave a Reply
Cancel reply

Leave a Reply

Business News

Shooting Kills 2 And Injures 18 Victims In Florida Street With Hundreds Of People Nearby

Business News

In Benin, Voodoo’s Birthplace, Believers Bemoan Steady Shrinkage Of Forests They Revere As Sacred

Business News

Mission Impossible? Biden Says Mideast Leaders Must Consider A Two-State Solution After The War Ends

Business News

Internet, Phone Service Gradually Returns After Vanishing For Most Of Gaza Amid Heavy Bombardment

Business News

Thousands Break Into Aid Warehouses In Gaza As Deaths Top 8,000 And Israel Widens Ground Offensive

Cyber Security

CISA needs more money and less red tape, report says

Cyber Security

CISA and HHS look to help the health sector ramp up cyber hygiene

Cyber Security

Massive Phishing Attack Targeting 40+ Prominent Companies

Cyber Security

Nation-state actors are exploiting AI for discord and attacks, DHS warns

Cyber Security

DOE unveils $39 million for electric grid cybersecurity projects

Cyber Security

New Pentagon cyber strategy emphasizes industry and global partnerships

Business News

North Korea’s Kim Gets A Close Look At Russian Fighter Jets As His Tour Narrows Its Focus To Weapons

You May Also Like

Cyber Security

Google Workspace: New account security, DLP capabilities announced

Cyber Security

CISA warns govt agencies to patch Adobe ColdFusion servers

Cyber Security

What is Dynamic Application Security Testing (DAST) ?

Cyber Security

HCL BigFix WebUI Flaw Redirect users to External Site

Leave a Reply Cancel reply

Leave a Reply

Business News

Shooting Kills 2 And Injures 18 Victims In Florida Street With Hundreds Of People Nearby

Business News

In Benin, Voodoo’s Birthplace, Believers Bemoan Steady Shrinkage Of Forests They Revere As Sacred

Business News

Mission Impossible? Biden Says Mideast Leaders Must Consider A Two-State Solution After The War Ends

Business News

Internet, Phone Service Gradually Returns After Vanishing For Most Of Gaza Amid Heavy Bombardment

Business News

Thousands Break Into Aid Warehouses In Gaza As Deaths Top 8,000 And Israel Widens Ground Offensive

Cyber Security

CISA needs more money and less red tape, report says

Cyber Security

CISA and HHS look to help the health sector ramp up cyber hygiene

Cyber Security

Massive Phishing Attack Targeting 40+ Prominent Companies

Cyber Security

Nation-state actors are exploiting AI for discord and attacks, DHS warns

Cyber Security

DOE unveils $39 million for electric grid cybersecurity projects

Cyber Security

New Pentagon cyber strategy emphasizes industry and global partnerships

Business News

North Korea’s Kim Gets A Close Look At Russian Fighter Jets As His Tour Narrows Its Focus To Weapons

You May Also Like

Cyber Security

Google Workspace: New account security, DLP capabilities announced

Cyber Security

CISA warns govt agencies to patch Adobe ColdFusion servers

Cyber Security

What is Dynamic Application Security Testing (DAST) ?

Cyber Security

HCL BigFix WebUI Flaw Redirect users to External Site

Leave a Reply
Cancel reply