VULHUB ™

BisonFTP server can disclose information about files outside the FTP root. If an attacker submits an 'ls' command using the character sequence '@../' then the FTP server will return a directory listing for the parent directory of the FTP root.

BisonFTP server can disclose information about files outside the FTP root. If an attacker submits an 'ls' command using the character sequence '@../' then the FTP server will return a directory listing for the parent directory of the FTP root.