TurboFTP Server is a high performance, secure, scalable and management
friendly file transfer server running on Windows platforms. With it you
can easily set up a secure file transfer server that delivers regular FTP,
FTP over SSL/TLS, and SFTP over SSH services with virtual domains,
advanced directory access control, virtual folders, IP access control,
flexible authentication options and many other features.
0x02 : Vulnerability details
Earlier versions may also be affected.
Overview:
1.vendor description of software
------------------------------------------------
TurboFTP Server is a high performance, secure, scalable and management friendly file transfer server running on Windows platforms. With it you can easily set up a secure file transfer server that delivers regular FTP, FTP over SSL/TLS, and "SFTP over SSH" services with virtual domains, advanced directory access control, virtual folders, IP access control, flexible authentication options and many other features.
2.vulnerability details:
------------------------------------------------
Directory Traversal Vulnerability exists in "FTP" and "SFTP" module of Turbo FTP Server that allows an authenticated user to create directories outside the root directory, which may lead to other attacks.
If you could log on the server successfully,
Vulnerability: WinMount 3.3.0401
Vendor: www.winmount.com
1) Software Description:
WinMount is an useful windows utility. It is a compression tool, also a virtual drive tool. It can compress files, decompress/ browse/convert compressed archieves, it
also can mount MOU ZIP RAR and CD DVD HDD images to a virtual disk or virtual folder. Supported formats: MOU ZIP RAR CAB ARJ ISO GZ BZ2 TAR WIM VHD VDI VMDK ISO ISZ BIN MDS/MDF NRG IMG CCD CUE APE FLAC WV.
2) Details:
A filename buffer overflow vulnerability in WinMount 3.3.0401. Poc can generate a zip file, and attackers can change the zip file into a mou file by using WinMount. Exploit successfully allows attackers to execute arbitrary code.
3) Credit:
