Vulnerabilites related to ncftp_software - ncftp
cve-2004-1948
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
Severity ?
EPSS score ?
Summary
NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/10182 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/11438 | third-party-advisory, x_refsource_SECUNIA | |
| http://marc.info/?l=bugtraq&m=108247943201685&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/5595 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15919 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:07:49.141Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10182",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10182"
},
{
"name": "11438",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11438"
},
{
"name": "20040419 NcFTP - password leaking",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108247943201685\u0026w=2"
},
{
"name": "5595",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5595"
},
{
"name": "ncftp-info-disclosure(15919)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15919"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via \"ps aux,\" which displays the URL in the process list."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10182",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10182"
},
{
"name": "11438",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11438"
},
{
"name": "20040419 NcFTP - password leaking",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108247943201685\u0026w=2"
},
{
"name": "5595",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5595"
},
{
"name": "ncftp-info-disclosure(15919)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15919"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via \"ps aux,\" which displays the URL in the process list."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10182",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10182"
},
{
"name": "11438",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11438"
},
{
"name": "20040419 NcFTP - password leaking",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108247943201685\u0026w=2"
},
{
"name": "5595",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5595"
},
{
"name": "ncftp-info-disclosure(15919)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15919"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1948",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T01:07:49.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1345
Vulnerability from cvelistv5
Published
2002-12-17 05:00
Modified
2024-08-08 03:19
Severity ?
EPSS score ?
Summary
Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/6360 | vdb-entry, x_refsource_BID | |
| http://www.kb.cert.org/vuls/id/210409 | third-party-advisory, x_refsource_CERT-VN | |
| http://marc.info/?l=bugtraq&m=103962838628940&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| ftp://patches.sgi.com/support/free/security/advisories/20021205-01-A | vendor-advisory, x_refsource_SGI | |
| http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0102.html | mailing-list, x_refsource_VULNWATCH | |
| http://www.iss.net/security_center/static/10821.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:19:28.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "6360",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6360"
},
{
"name": "VU#210409",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/210409"
},
{
"name": "20021211 Directory Traversal Vulnerabilities in FTP Clients",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103962838628940\u0026w=2"
},
{
"name": "20021205-01-A",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021205-01-A"
},
{
"name": "20021210 Directory Traversal Vulnerabilities in FTP Clients",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0102.html"
},
{
"name": "ftp-client-filename-traversal(10821)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10821.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "6360",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6360"
},
{
"name": "VU#210409",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/210409"
},
{
"name": "20021211 Directory Traversal Vulnerabilities in FTP Clients",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103962838628940\u0026w=2"
},
{
"name": "20021205-01-A",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021205-01-A"
},
{
"name": "20021210 Directory Traversal Vulnerabilities in FTP Clients",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0102.html"
},
{
"name": "ftp-client-filename-traversal(10821)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10821.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6360",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6360"
},
{
"name": "VU#210409",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/210409"
},
{
"name": "20021211 Directory Traversal Vulnerabilities in FTP Clients",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=103962838628940\u0026w=2"
},
{
"name": "20021205-01-A",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021205-01-A"
},
{
"name": "20021210 Directory Traversal Vulnerabilities in FTP Clients",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0102.html"
},
{
"name": "ftp-client-filename-traversal(10821)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10821.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1345",
"datePublished": "2002-12-17T05:00:00",
"dateReserved": "2002-12-09T00:00:00",
"dateUpdated": "2024-08-08T03:19:28.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2002-12-23 05:00
Modified
2024-11-20 23:41
Severity ?
Summary
Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ncftp_software | ncftp | 3.0.0 | |
| ncftp_software | ncftp | 3.0.1 | |
| ncftp_software | ncftp | 3.0.2 | |
| ncftp_software | ncftp | 3.0.3 | |
| ncftp_software | ncftp | 3.0.4 | |
| ncftp_software | ncftp | 3.1.0 | |
| ncftp_software | ncftp | 3.1.1 | |
| ncftp_software | ncftp | 3.1.2 | |
| ncftp_software | ncftp | 3.1.3 | |
| ncftp_software | ncftp | 3.1.4 | |
| openbsd | openbsd | 3.0 | |
| sun | solaris | 2.6 | |
| sun | solaris | 7.0 | |
| sun | sunos | - | |
| sun | sunos | 5.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4465B8F4-7724-4689-850D-E6D80139CED7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CEF0F37A-78B1-412E-95CD-E71C86FE8191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B76BBA94-E991-442E-9112-00B75E24D9F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "46864AF6-9CC9-448D-9B37-71735C0D255D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F4172CB-B527-4573-8F4C-0F5297377399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1DAE9558-3CA6-4F3C-A45C-458168322E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3340DBE8-BFA5-4A2E-8854-FFDBB5190AD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "01299616-C41D-4FEC-9616-890239760774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "334A8F5F-9E09-4B72-9CC7-A5CA9DA4D63B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "378852D8-2916-46FF-97B4-1C0D54D1BE53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "60DA30A1-3360-46BC-85B7-008D535F95BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "34EBF074-78C8-41AF-88F1-DA6726E56F8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"matchCriteriaId": "8F1F312C-413F-4DB4-ABF4-48E33F6FECF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "369207B4-96FA-4324-9445-98FAE8ECF5DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "08003947-A4F1-44AC-84C6-9F8D097EB759",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences."
}
],
"id": "CVE-2002-1345",
"lastModified": "2024-11-20T23:41:05.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-23T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021205-01-A"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0102.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=103962838628940\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/10821.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/210409"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/6360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021205-01-A"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0102.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=103962838628940\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/10821.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/210409"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/6360"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-04-20 04:00
Modified
2024-11-20 23:52
Severity ?
Summary
NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ncftp_software | ncftp | 3.0.0 | |
| ncftp_software | ncftp | 3.0.1 | |
| ncftp_software | ncftp | 3.0.2 | |
| ncftp_software | ncftp | 3.0.3 | |
| ncftp_software | ncftp | 3.0.4 | |
| ncftp_software | ncftp | 3.1.0 | |
| ncftp_software | ncftp | 3.1.1 | |
| ncftp_software | ncftp | 3.1.2 | |
| ncftp_software | ncftp | 3.1.3 | |
| ncftp_software | ncftp | 3.1.4 | |
| ncftp_software | ncftp | 3.1.5 | |
| ncftp_software | ncftp | 3.1.6 | |
| ncftp_software | ncftp | 3.1.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4465B8F4-7724-4689-850D-E6D80139CED7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CEF0F37A-78B1-412E-95CD-E71C86FE8191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B76BBA94-E991-442E-9112-00B75E24D9F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "46864AF6-9CC9-448D-9B37-71735C0D255D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F4172CB-B527-4573-8F4C-0F5297377399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1DAE9558-3CA6-4F3C-A45C-458168322E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3340DBE8-BFA5-4A2E-8854-FFDBB5190AD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "01299616-C41D-4FEC-9616-890239760774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "334A8F5F-9E09-4B72-9CC7-A5CA9DA4D63B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "378852D8-2916-46FF-97B4-1C0D54D1BE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4B531753-DA42-45D8-9EA0-57F30C3AE3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EA354C98-88C9-4235-B5E6-E5B11208F0DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4B852FE5-8706-4404-8EA5-65B0EF127745",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via \"ps aux,\" which displays the URL in the process list."
}
],
"id": "CVE-2004-1948",
"lastModified": "2024-11-20T23:52:07.810",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-04-20T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108247943201685\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11438"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5595"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10182"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15919"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108247943201685\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11438"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5595"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10182"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15919"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}