MidnightBSD

Advisories for ncftp_software

CVE-2002-1345 MEDIUM

Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ncftp_software ncftp 3.0.2
sun solaris 2.6
ncftp_software ncftp 3.0.1
ncftp_software ncftp 3.0.4
ncftp_software ncftp 3.1.0
ncftp_software ncftp 3.0.3
ncftp_software ncftp 3.1.1
ncftp_software ncftp 3.0.0
openbsd openbsd 3.0
ncftp_software ncftp 3.1.2
ncftp_software ncftp 3.1.3
sun sunos -
sun sunos 5.7
sun solaris 7.0
ncftp_software ncftp 3.1.4
CVE-2004-1948 MEDIUM

NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ncftp_software ncftp 3.0.2
ncftp_software ncftp 3.0.1
ncftp_software ncftp 3.1.6
ncftp_software ncftp 3.1.5
ncftp_software ncftp 3.0.4
ncftp_software ncftp 3.1.7
ncftp_software ncftp 3.1.0
ncftp_software ncftp 3.0.3
ncftp_software ncftp 3.1.1
ncftp_software ncftp 3.0.0
ncftp_software ncftp 3.1.2
ncftp_software ncftp 3.1.3
ncftp_software ncftp 3.1.4