Vulnerabilities > CVE-2005-0483 - Directory Traversal vulnerability in glFTPD ZIP Plugins
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Multiple directory traversal vulnerabilities in sitenfo.sh, sitezipchk.sh, and siteziplist.sh in Glftpd 1.26 to 2.00 allow remote authenticated users to (1) determine the existence of arbitrary files, (2) list files in restricted directories, or (3) read arbitrary files from within ZIP or gzip files, via .. (dot dot) sequences and globbing ("*") characters in a SITE NFO command.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 14 |
Nessus
NASL family | FTP |
NASL id | GLFTPD_ZIP_DIR_TRAVERSAL.NASL |
description | The remote glFTPD server fails to properly sanitize user-supplied input to the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 17245 |
published | 2005-03-01 |
reporter | Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/17245 |
title | glFTPd Multiple Script ZIP File Handling Arbitrary File / Directory Access |
code |
|