Full title: CoreFTP Server MDTM Directory Traversal Exploit 
Category: remote exploits
Platform: windows
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal (..\..\) to browse outside the root directory to determine the existence of a file on the operating system, and the last modified date.

# 0day.today @ http://0day.today/