Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2005-0483

Multiple directory traversal vulnerabilities in sitenfo.sh, sitezipchk.sh, and siteziplist.sh in Glftpd 1.26 to 2.00 allow remote authenticated users to (1) determine the existence of arbitrary files, (2) list files in restricted directories, or (3) read arbitrary files from within ZIP or gzip files, via .. (dot dot) sequences and globbing ("*") characters in a SITE NFO command.

Published

2005-03-30T05:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    NVD-CWE-Other
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application glftpd glftpd 1.26 Yes
Application glftpd glftpd 1.27 Yes
Application glftpd glftpd 1.28 Yes
Application glftpd glftpd 1.29.1 Yes
Application glftpd glftpd 1.31 Yes
Application glftpd glftpd 1.32 Yes
Application glftpd glftpd 2.0 Yes
Application glftpd glftpd 2.0_rc1 Yes
Application glftpd glftpd 2.0_rc2 Yes
Application glftpd glftpd 2.0_rc3 Yes
Application glftpd glftpd 2.0_rc4 Yes
Application glftpd glftpd 2.0_rc5 Yes
Application glftpd glftpd 2.0_rc6 Yes
Application glftpd glftpd 2.0_rc7 Yes
References