Freefloat FTP Server ‘WMI’ Service Arbitrary File Upload Vulnerability

Summary

Freefloat FTP Server is prone to an arbitrary file-upload vulnerability because it fails to adequately validate files before uploading them.

Credit:

The information has been provided by Facundo M. de la Cruz.


Details

Vulnerable Systems:
 * Freefloat Freefloat FTP Server 0

An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.

Exploit:
Attackers can exploit this issue through a browser.
The following exploit code is available:
http://downloads.securityfocus.com/vulnerabilities/exploits/56866.py

Disclosure Timeline:
Published: December 09 2012

Categories: News