Vulnerabilities > CVE-2005-2420 - Remote Command Execution vulnerability in FTPLocate
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
flsearch.pl in FtpLocate 2.02 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP GET request.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | FtpLocate <= 2.02 (current) Remote Command Execution Exploit. CVE-2005-2420. Webapps exploit for cgi platform |
id | EDB-ID:1120 |
last seen | 2016-01-31 |
modified | 2005-07-25 |
published | 2005-07-25 |
reporter | newbug |
source | https://www.exploit-db.com/download/1120/ |
title | FtpLocate <= 2.02 current Remote Command Execution Exploit |
Nessus
NASL family | CGI abuses |
NASL id | FTPLOCATE_FSITE_CMD_EXEC.NASL |
description | The remote host is running FtpLocate, a web search engine for FTP sites written in Perl. The installed version of FtpLocate allows remote attackers to execute commands on the remote host by manipulating input to the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 19300 |
published | 2005-07-26 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/19300 |
title | FtpLocate flsearch.pl fsite Parameter Remote File Inclusion |
code |
|