Unrated severityNVD Advisory· Published Dec 12, 2007· Updated Apr 23, 2026

CVE-2007-6317

Description

Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain ..\ (dot dot backslash) sequences in the URL path, or (2) remote authenticated users to delete arbitrary files or create arbitrary directories via a ..\ (dot dot backslash) sequence in the dir parameter to /drive/c/bdusers/USER/.

Affected products

Real Time Logic/Barracudadrive Web Server
cpe:2.3:a:real_time_logic:barracudadrive_web_server:3.7.2:*:*:*:*:*:*:*
Real Time Logic/Barracudadrive Web Server Home Server
cpe:2.3:a:real_time_logic:barracudadrive_web_server_home_server:3.7.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

aluigi.altervista.org/adv/barradrive-adv.txtnvdExploit
www.securityfocus.com/bid/26805nvdExploitPatch
secunia.com/advisories/28032nvdVendor Advisory
securityreason.com/securityalert/3434nvd
www.securityfocus.com/archive/1/484833/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000