Vulnerabilities > CVE-2004-1948 - Unspecified vulnerability in Ncftp Software Ncftp

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

ncftp-software

NVD

Published: 2004-04-20

Updated: 2024-11-20

Summary

NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list.

Vulnerable Configurations

Part	Description	Count
Application	Ncftp_Software Ncftp Software Ncftp 3.0.2 Ncftp Software Ncftp 3.1.3 Ncftp Software Ncftp 3.1.4 Ncftp Software Ncftp 3.0.0 Ncftp Software Ncftp 3.1.0 Ncftp Software Ncftp 3.0.3 Ncftp Software Ncftp 3.1.6 Ncftp Software Ncftp 3.1.1 Ncftp Software Ncftp 3.1.2 Ncftp Software Ncftp 3.0.4 Ncftp Software Ncftp 3.1.7 Ncftp Software Ncftp 3.0.1 Ncftp Software Ncftp 3.1.5	13

References

http://marc.info/?l=bugtraq&m=108247943201685&w=2
http://marc.info/?l=bugtraq&m=108247943201685&w=2
http://secunia.com/advisories/11438
http://secunia.com/advisories/11438
http://www.osvdb.org/5595
http://www.osvdb.org/5595
http://www.securityfocus.com/bid/10182
http://www.securityfocus.com/bid/10182
https://exchange.xforce.ibmcloud.com/vulnerabilities/15919
https://exchange.xforce.ibmcloud.com/vulnerabilities/15919