PlatinumFTPServer 1.0.6 - Arbitrary File Deletion

Author: Dennis Rand
type: remote
platform: windows
port: 
date_added: 2002-12-30 
date_updated: 2012-10-20 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/6493/info

It has been reported that PlatinumFTPserver fails to properly sanitize some FTP commands. By sending a malicious request to the vulnerable server, using directory traversal sequences, it is possible for a remote attacker to delete sensitive resources located outside of the FTP root.

Deleting arbitrary files may render the system unusable. Other scenarios are also possible.

delete ..\..\..\..\boot.ini