Date: Wed, 12 Jul 2000 21:56:58 +0200 From: "zillion @ safemode" <zillion@SAFEMODE.ORG> Subject: ftp.pl vulnerability To: BUGTRAQ@SECURITYFOCUS.COM Feartech ftp browser problem From the creators page ( http://www.feartech.com/vv/ftp.shtml ) -- snip -- FTP Browser allows you to display a html enhanced directory listing, which is great for managing your ftp files. FTP Browser can do all of the following: -- snip -- But wait.. it can do more than just that : http://www.server.com/cgi-bin/ftp/ftp.pl?dir=../../../../../../etc The vedor has been notified a week ago but has released no fix or update This ain't something huge but the script is offered on various script archives. zillion site: http://www.safemode.org email: zillion@safemode.org