6 matches found
CVE-2017-17405
CVE-2017-17405 is a Ruby Net::FTP command-injection vulnerability where Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile invoke Kernel#open on local files; if the localfile argument begins with a pipe, the following command is executed. The default localfile is the ba...
CVE-2017-17405
Removed by vendor...
CVE-2017-17405
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTPget, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernelopen to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default...
Command injection vulnerability in Net::FTP
There is a command injection vulnerability in Net::FTP bundled with Ruby. Net::FTPget, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernelopen to open a local file. If the localfile argument starts with the pipe character "|", the command following the pipe character is...
CVE-2005-0372
Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. dot dot sequences in filenames returned from a LIST command...
[RHSA-2001:053-06] gftp format string vulnerability corrected
--------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: gftp format string vulnerability corrected Advisory ID: RHSA-2001:053-06 Issue date: 2001-04-20 Updated on: 2001-04-23 Product: Red Hat Linux Keywords: gftp format Cross...