VULHUB ™

ArGoSoft FTP server is reportedly affected by a vulnerability regarding the upload of compressed shortcut files. This issue is due to the application failing to verify the contents of ZIP files during execution of the 'SITE UNZIP' command. A malicious user with write permission on any directory could extract a shortcut (.lnk) file that points to the directory of their choice. It is conjectured this issue is related to BID 11589 (ArGoSoft FTP Server Shortcut File Upload Vulnerability) and BID 2961 (ArGoSoft FTP Server .lnk Directory Traversal Vulnerability).

ArGoSoft FTP server is reportedly affected by a vulnerability regarding the upload of compressed shortcut files. This issue is due to the application failing to verify the contents of ZIP files during execution of the 'SITE UNZIP' command. A malicious user with write permission on any directory could extract a shortcut (.lnk) file that points to the directory of their choice. It is conjectured this issue is related to BID 11589 (ArGoSoft FTP Server Shortcut File Upload Vulnerability) and BID 2961 (ArGoSoft FTP Server .lnk Directory Traversal Vulnerability).