2007-10-19 10:00:00
mitre
PUBLISHED
Directory traversal vulnerability in BisonFTP Server 4 release 2 allows remote attackers to (1) list directories above the root via an ls @../ command, or (2) list files above the root via a "mget @../FILE" command.