3 matches found
glFTPd Multiple Script ZIP File Handling Arbitrary File / Directory Access
The remote glFTPD server fails to properly sanitize user-supplied input to the 'sitenfo.sh', 'sitezpichk.sh', and 'siteziplist.sh'. An attacker could exploit this flaw to disclose arbitrary files by sending a spcially crafted request to the remote host. C Tenable Network Security, Inc...
CVE-2005-0483
GLFTPD 1.26–2.00 is affected by directory traversal via SITE NFO commands in sitenfo.sh, sitezipchk.sh, and siteziplist.sh. The root cause is improper sanitization of user-supplied input, allowing remote authenticated users to (1) determine existence of arbitrary files, (2) list files in restrict...
CVE-2005-0483
Multiple directory traversal vulnerabilities in sitenfo.sh, sitezipchk.sh, and siteziplist.sh in Glftpd 1.26 to 2.00 allow remote authenticated users to 1 determine the existence of arbitrary files, 2 list files in restricted directories, or 3 read arbitrary files from within ZIP or gzip files, v...