Search criteria
6 vulnerabilities found for ncftp by ncftp_software
CVE-2004-1948 (GCVE-0-2004-1948)
Vulnerability from cvelistv5 – Published: 2005-05-10 04:00 – Updated: 2024-08-08 01:07
VLAI?
Summary
NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:07:49.141Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10182",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10182"
},
{
"name": "11438",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11438"
},
{
"name": "20040419 NcFTP - password leaking",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108247943201685\u0026w=2"
},
{
"name": "5595",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5595"
},
{
"name": "ncftp-info-disclosure(15919)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15919"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via \"ps aux,\" which displays the URL in the process list."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10182",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10182"
},
{
"name": "11438",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11438"
},
{
"name": "20040419 NcFTP - password leaking",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108247943201685\u0026w=2"
},
{
"name": "5595",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5595"
},
{
"name": "ncftp-info-disclosure(15919)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15919"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via \"ps aux,\" which displays the URL in the process list."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10182",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10182"
},
{
"name": "11438",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11438"
},
{
"name": "20040419 NcFTP - password leaking",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108247943201685\u0026w=2"
},
{
"name": "5595",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5595"
},
{
"name": "ncftp-info-disclosure(15919)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15919"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1948",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T01:07:49.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1345 (GCVE-0-2002-1345)
Vulnerability from cvelistv5 – Published: 2002-12-17 05:00 – Updated: 2024-08-08 03:19
VLAI?
Summary
Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:19:28.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "6360",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6360"
},
{
"name": "VU#210409",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/210409"
},
{
"name": "20021211 Directory Traversal Vulnerabilities in FTP Clients",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103962838628940\u0026w=2"
},
{
"name": "20021205-01-A",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021205-01-A"
},
{
"name": "20021210 Directory Traversal Vulnerabilities in FTP Clients",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0102.html"
},
{
"name": "ftp-client-filename-traversal(10821)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10821.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "6360",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6360"
},
{
"name": "VU#210409",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/210409"
},
{
"name": "20021211 Directory Traversal Vulnerabilities in FTP Clients",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103962838628940\u0026w=2"
},
{
"name": "20021205-01-A",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021205-01-A"
},
{
"name": "20021210 Directory Traversal Vulnerabilities in FTP Clients",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0102.html"
},
{
"name": "ftp-client-filename-traversal(10821)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10821.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6360",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6360"
},
{
"name": "VU#210409",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/210409"
},
{
"name": "20021211 Directory Traversal Vulnerabilities in FTP Clients",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=103962838628940\u0026w=2"
},
{
"name": "20021205-01-A",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021205-01-A"
},
{
"name": "20021210 Directory Traversal Vulnerabilities in FTP Clients",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0102.html"
},
{
"name": "ftp-client-filename-traversal(10821)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10821.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1345",
"datePublished": "2002-12-17T05:00:00",
"dateReserved": "2002-12-09T00:00:00",
"dateUpdated": "2024-08-08T03:19:28.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1948 (GCVE-0-2004-1948)
Vulnerability from nvd – Published: 2005-05-10 04:00 – Updated: 2024-08-08 01:07
VLAI?
Summary
NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:07:49.141Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10182",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10182"
},
{
"name": "11438",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11438"
},
{
"name": "20040419 NcFTP - password leaking",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108247943201685\u0026w=2"
},
{
"name": "5595",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5595"
},
{
"name": "ncftp-info-disclosure(15919)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15919"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via \"ps aux,\" which displays the URL in the process list."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10182",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10182"
},
{
"name": "11438",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11438"
},
{
"name": "20040419 NcFTP - password leaking",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108247943201685\u0026w=2"
},
{
"name": "5595",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5595"
},
{
"name": "ncftp-info-disclosure(15919)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15919"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via \"ps aux,\" which displays the URL in the process list."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10182",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10182"
},
{
"name": "11438",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11438"
},
{
"name": "20040419 NcFTP - password leaking",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108247943201685\u0026w=2"
},
{
"name": "5595",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5595"
},
{
"name": "ncftp-info-disclosure(15919)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15919"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1948",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T01:07:49.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1345 (GCVE-0-2002-1345)
Vulnerability from nvd – Published: 2002-12-17 05:00 – Updated: 2024-08-08 03:19
VLAI?
Summary
Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:19:28.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "6360",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6360"
},
{
"name": "VU#210409",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/210409"
},
{
"name": "20021211 Directory Traversal Vulnerabilities in FTP Clients",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103962838628940\u0026w=2"
},
{
"name": "20021205-01-A",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021205-01-A"
},
{
"name": "20021210 Directory Traversal Vulnerabilities in FTP Clients",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0102.html"
},
{
"name": "ftp-client-filename-traversal(10821)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10821.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "6360",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6360"
},
{
"name": "VU#210409",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/210409"
},
{
"name": "20021211 Directory Traversal Vulnerabilities in FTP Clients",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103962838628940\u0026w=2"
},
{
"name": "20021205-01-A",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021205-01-A"
},
{
"name": "20021210 Directory Traversal Vulnerabilities in FTP Clients",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0102.html"
},
{
"name": "ftp-client-filename-traversal(10821)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10821.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6360",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6360"
},
{
"name": "VU#210409",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/210409"
},
{
"name": "20021211 Directory Traversal Vulnerabilities in FTP Clients",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=103962838628940\u0026w=2"
},
{
"name": "20021205-01-A",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021205-01-A"
},
{
"name": "20021210 Directory Traversal Vulnerabilities in FTP Clients",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0102.html"
},
{
"name": "ftp-client-filename-traversal(10821)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10821.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1345",
"datePublished": "2002-12-17T05:00:00",
"dateReserved": "2002-12-09T00:00:00",
"dateUpdated": "2024-08-08T03:19:28.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2004-1948
Vulnerability from fkie_nvd - Published: 2004-04-20 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ncftp_software | ncftp | 3.0.0 | |
| ncftp_software | ncftp | 3.0.1 | |
| ncftp_software | ncftp | 3.0.2 | |
| ncftp_software | ncftp | 3.0.3 | |
| ncftp_software | ncftp | 3.0.4 | |
| ncftp_software | ncftp | 3.1.0 | |
| ncftp_software | ncftp | 3.1.1 | |
| ncftp_software | ncftp | 3.1.2 | |
| ncftp_software | ncftp | 3.1.3 | |
| ncftp_software | ncftp | 3.1.4 | |
| ncftp_software | ncftp | 3.1.5 | |
| ncftp_software | ncftp | 3.1.6 | |
| ncftp_software | ncftp | 3.1.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4465B8F4-7724-4689-850D-E6D80139CED7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CEF0F37A-78B1-412E-95CD-E71C86FE8191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B76BBA94-E991-442E-9112-00B75E24D9F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "46864AF6-9CC9-448D-9B37-71735C0D255D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F4172CB-B527-4573-8F4C-0F5297377399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1DAE9558-3CA6-4F3C-A45C-458168322E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3340DBE8-BFA5-4A2E-8854-FFDBB5190AD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "01299616-C41D-4FEC-9616-890239760774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "334A8F5F-9E09-4B72-9CC7-A5CA9DA4D63B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "378852D8-2916-46FF-97B4-1C0D54D1BE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4B531753-DA42-45D8-9EA0-57F30C3AE3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EA354C98-88C9-4235-B5E6-E5B11208F0DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4B852FE5-8706-4404-8EA5-65B0EF127745",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via \"ps aux,\" which displays the URL in the process list."
}
],
"id": "CVE-2004-1948",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-04-20T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108247943201685\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11438"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5595"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10182"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15919"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108247943201685\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11438"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5595"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10182"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15919"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2002-1345
Vulnerability from fkie_nvd - Published: 2002-12-23 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ncftp_software | ncftp | 3.0.0 | |
| ncftp_software | ncftp | 3.0.1 | |
| ncftp_software | ncftp | 3.0.2 | |
| ncftp_software | ncftp | 3.0.3 | |
| ncftp_software | ncftp | 3.0.4 | |
| ncftp_software | ncftp | 3.1.0 | |
| ncftp_software | ncftp | 3.1.1 | |
| ncftp_software | ncftp | 3.1.2 | |
| ncftp_software | ncftp | 3.1.3 | |
| ncftp_software | ncftp | 3.1.4 | |
| openbsd | openbsd | 3.0 | |
| sun | solaris | 2.6 | |
| sun | solaris | 7.0 | |
| sun | sunos | - | |
| sun | sunos | 5.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4465B8F4-7724-4689-850D-E6D80139CED7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CEF0F37A-78B1-412E-95CD-E71C86FE8191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B76BBA94-E991-442E-9112-00B75E24D9F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "46864AF6-9CC9-448D-9B37-71735C0D255D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F4172CB-B527-4573-8F4C-0F5297377399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1DAE9558-3CA6-4F3C-A45C-458168322E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3340DBE8-BFA5-4A2E-8854-FFDBB5190AD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "01299616-C41D-4FEC-9616-890239760774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "334A8F5F-9E09-4B72-9CC7-A5CA9DA4D63B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "378852D8-2916-46FF-97B4-1C0D54D1BE53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "60DA30A1-3360-46BC-85B7-008D535F95BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "34EBF074-78C8-41AF-88F1-DA6726E56F8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"matchCriteriaId": "8F1F312C-413F-4DB4-ABF4-48E33F6FECF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "369207B4-96FA-4324-9445-98FAE8ECF5DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "08003947-A4F1-44AC-84C6-9F8D097EB759",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences."
}
],
"id": "CVE-2002-1345",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-23T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021205-01-A"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0102.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=103962838628940\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/10821.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/210409"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/6360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021205-01-A"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0102.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=103962838628940\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/10821.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/210409"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/6360"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}