A vulnerability has been found within the FTP client in AceFTP. When exploited, this vulnerability allows an anonymous attacker to write files to arbitrary locations on a Windows user's system.

This advisory discloses a vulnerability within the FTP client in AceFTP. When exploited, this vulnerability allows an anonymous attacker to write files to arbitrary locations on a Windows user's system.

The FTP client does not properly sanitise filenames containing directory traversal sequences (forward-slash) that are received from an FTP server in response to the LIST command.

Response to LIST (forward-slash):

-rw-r--r--    1 ftp      ftp            20 Mar 01 05:37 /../../../../../../../../../testfile.txt\r\n

By tricking a user to download a directory from a malicious FTP server that contains files with fowward-slash directory traversal sequences in their filenames, it is possible for the attacker to write files to arbitrary locations on a user's system with privileges of that user. An attacker can potentially leverage this issue to write files into a user's Windows Startup folder and execute arbitrary code when the user logs on.

Kitchen Double Sink Clogged -

Ultimately, the clog is not just a plumbing issue; it is a lesson in cause and effect. As you feed a fifty-foot plumbing snake down the cleanout or, in a moment of final desperation, call the plumber with his hydro-jetter, you make silent promises to the future. You vow to scrape every plate into the trash. You swear to pour grease into a can, not the drain. You promise to run cold water for thirty seconds after using the disposal. These vows, like New Year’s resolutions, will likely be broken. But for a brief, shining moment after the snake breaks through—when you hear that glorious, hollow whoosh of water draining freely from both sinks, the air clearing of its foul breath—you experience a profound relief. The clog is gone. The divide has been bridged. And the kitchen, once a swamp, is again a place of civilized purpose.

The chemical warriors reach for the gel. They pour a thick, caustic snake down the drain, hoping to dissolve the organic mass into a harmless slurry. They wait, they flush, and often they are met with the same slow retreat of water. The clog, they learn, is a stubborn beast, often composed of non-dissolvable grit. The mechanical philosophers, meanwhile, venture under the sink. Armed with a bucket and a wrench, they disassemble the P-trap, revealing a slimy, stinking fist of black goo. They clear it, reassemble, and run the water—only to watch it back up from the other side. The clog, they realize, is deeper, lurking in the wall. kitchen double sink clogged

The double sink is a marvel of hydraulic compromise. Unlike its single-basin cousin, which drains through a single, straightforward pipe, the double sink relies on a calculated partnership. Two bowls share a single trap, connected by a horizontal pipe called a crossover or a continuous waste assembly. This design is brilliant for multitasking—washing vegetables in one side while draining pasta in the other—but it is also a fragile ecosystem. The clog is rarely a single event; it is a story of accumulated negligence, a slow sedimentary biography of a family’s cooking habits. Ultimately, the clog is not just a plumbing

There is a particular brand of domestic despair that sets in not with a bang, but with a gurgle. It begins subtly: the water from the rinsing of a single plate takes a beat too long to disappear. Then, with the flick of the garbage disposal’s switch, a low, labored hum rises from the cabinet below. The final, unmistakable symptom arrives when you turn on the faucet to fill a pot. Instead of draining, the water from the left basin surges up through the right, carrying with it a film of gray scum and the faint, sulfurous whisper of decay. The kitchen double sink, once a symbol of efficiency and modern convenience, has become a single, stagnant body of water. It is clogged. You swear to pour grease into a can, not the drain

2008-06-15 - Vulnerability Discovered.
2008-06-16 - Vulnerability Details Sent to Vendor via online support form (no reply).
2008-06-18 - Vulnerability Details Sent to Vendor again via online support form (no reply).
2008-06-25 - Vulnerability Details Sent to Vendor again via online support form (no reply).
2008-06-27 - Public Release.