February 20th, 2002, 07:15 AM
Power FTP & Falcon WEB vulnerability.
It's nice to hear that not everybody who is using web and FTP services is hooked to MS IIS. But it's less funny to hear that vulnerabilities are found in other products running on the MS OS.
Just a reminder that we are living in a vulnerable world.
AUTHENTICATION BYPASS VULNERABILITY IN BLUEFACE'S FALCON WEB SERVER FOR WINDOWS
SNS Research discovered an authentication-circumvention vulnerability in BlueFace's Falcon Web Server for Windows. A problem in the parsing of requests made to protected directories can let an attacker circumvent the Web server's authentication scheme and access any file in a protected directory without supplying proper credentials. BlueFace has been notified and will release build 18.104.22.1681 to correct this problem.
MULTIPLE VULNERABILITIES IN POWERFTP 2.10 FOR WINDOWS
Several vulnerabilities exist in Cooolsoft's PowerFTP 2.10 for Windows. The first vulnerability lets an attacker traverse the user directory by a direct-path request and permits access to any file on the system. A second vulnerability results from the way the system stores all account information unencrypted in the ftpserver.ini file. A third vulnerability involves a Denial of Service (DoS) attack. Cooolsoft has been notified but hasn't issued a patch.
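The PowerFTP traversal above is the kind of flaw a home-directory confinement check is meant to stop. The following is an added example, not part of the original post or either vendor's code; it assumes the "direct-path request" is a client-supplied absolute Windows path, and the function names and the home directory are hypothetical.

```python
import ntpath  # Windows path rules on any OS, so the demo runs anywhere

HOME = r"C:\ftp\users\alice"  # constructed example home directory

def resolve_naive(home, requested):
    # Weak pattern: join the client's argument onto the home directory and
    # trust the result. An absolute argument replaces the base entirely.
    return ntpath.normpath(ntpath.join(home, requested))

def resolve_confined(home, requested):
    """Return the normalized path under `home`, or raise PermissionError."""
    root = ntpath.normcase(ntpath.normpath(home))
    drive, rest = ntpath.splitdrive(requested)
    if drive:
        # Drive letters ("C:\x", "C:x") and UNC shares are never valid here.
        raise PermissionError("drive or UNC prefix in " + repr(requested))
    # The FTP root "/" maps to the home directory, so drop leading separators.
    rest = rest.replace("/", "\\").lstrip("\\")
    candidate = ntpath.normcase(ntpath.normpath(ntpath.join(root, rest)))
    # Compare on a separator boundary so "alice2" does not pass for "alice".
    if candidate != root and not candidate.startswith(root + "\\"):
        raise PermissionError("escapes home: " + repr(requested))
    # Lexical check only: a real server must also resolve links/junctions.
    return candidate

def is_allowed(home, requested):
    try:
        resolve_confined(home, requested)
        return True
    except PermissionError:
        return False

if __name__ == "__main__":
    for arg in ["docs/report.txt", r"C:\WINNT\win.ini", r"..\..\WINNT\win.ini",
                r"..\alice2\notes.txt", r"\\fileserver\share\x"]:
        print(f"{arg!r:28} naive={resolve_naive(HOME, arg)!r:40} "
              f"confined_ok={is_allowed(HOME, arg)}")
```

The naive resolver returns a path outside the home directory for the absolute argument, while the confined one accepts only the in-home request.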