A vulnerability has been found within the FTP client in AceFTP. When exploited, this vulnerability allows an anonymous attacker to write files to arbitrary locations on a Windows user's system.

This advisory discloses a vulnerability within the FTP client in AceFTP. When exploited, this vulnerability allows an anonymous attacker to write files to arbitrary locations on a Windows user's system.

The FTP client does not properly sanitise filenames containing directory traversal sequences (forward-slash) that are received from an FTP server in response to the LIST command.

Response to LIST (forward-slash):

-rw-r--r--    1 ftp      ftp            20 Mar 01 05:37 /../../../../../../../../../testfile.txt\r\n

By tricking a user to download a directory from a malicious FTP server that contains files with fowward-slash directory traversal sequences in their filenames, it is possible for the attacker to write files to arbitrary locations on a user's system with privileges of that user. An attacker can potentially leverage this issue to write files into a user's Windows Startup folder and execute arbitrary code when the user logs on.

Crush-2 -90----s V-rock Best Hit Cover Songs- -23.2011-.rar – Validated

CRUSH-2 appears to be a compilation or a collection of music, specifically focusing on cover songs that were featured in V-Rock events. The "-90----s" part likely indicates that the collection features songs from the 1990s, a decade that was particularly vibrant for the visual kei and rock scenes in Japan. The mention of "best hit cover songs" suggests that this collection includes popular and well-received covers.

The "-23.2011-" in the title could imply a release or a specific event in 2011. Given that 2011 was a significant year for Japan due to the Tohoku earthquake and tsunami, events like music festivals and album releases played a crucial role in providing solace and unity. CRUSH-2 -90----s V-Rock best hit cover songs- -23.2011-.rar

The ".rar" at the end of the title suggests that CRUSH-2 is distributed as a RAR archive file. This file format is commonly used for compressing and archiving digital files, making it easier to share large collections of music or data over the internet. CRUSH-2 appears to be a compilation or a

V-Rock's best hit cover songs collection, as implied by CRUSH-2, offers a unique insight into the tastes and preferences of the V-Rock audience. Cover songs in the context of V-Rock events serve as a tribute to the original artists and songs, while also showcasing the versatility and range of the performing bands. These covers can range from faithful reproductions to innovative reinterpretations, often breathing new life into the original tracks. The "-23

The music scene in Japan, particularly the visual kei and rock genres, has a rich history of creativity and expression. Among the numerous events and festivals that celebrate these genres, V-Rock stands out as a significant platform. V-Rock, short for Visual Rock, encompasses a wide range of bands known for their elaborate costumes, makeup, and hairstyles, along with their music.

For enthusiasts of Japanese rock music, collections like CRUSH-2 offer a way to explore the diverse talents within the scene and enjoy both original works and creative covers. As with any music archive, the true value of CRUSH-2 lies in its ability to connect listeners with the bands and songs that define the V-Rock legacy.

While specific details about CRUSH-2 and its direct connection to V-Rock's best hit cover songs are somewhat elusive, it's clear that the topic taps into a fascinating aspect of Japan's music culture. The visual kei and rock scenes, as represented by events like V-Rock, continue to inspire and entertain fans with their music, aesthetics, and the sense of community they foster.

2008-06-15 - Vulnerability Discovered.
2008-06-16 - Vulnerability Details Sent to Vendor via online support form (no reply).
2008-06-18 - Vulnerability Details Sent to Vendor again via online support form (no reply).
2008-06-25 - Vulnerability Details Sent to Vendor again via online support form (no reply).
2008-06-27 - Public Release.