Copyright (C) 2005-2012 Tenable Network Security, Inc.
The remote FTP server is suceptible to directory traversal attacks.
The remote glFTPD server fails to properly sanitize user-supplied
input to the 'sitenfo.sh', 'sitezpichk.sh', and 'siteziplist.sh'. An
attacker could exploit this flaw to disclose arbitrary files by
sending a spcially crafted request to the remote host.
See also :
Upgrade to glFTPD 2.01 RC1 or later, as this reportedly fixes the
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 5.0
Public Exploit Available : true
Nessus Plugin ID: 17245 (glftpd_zip_dir_traversal.nasl)
Bugtraq ID: 12586
CVE ID: CVE-2005-0483
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.