NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=108247943201685&w=2 | |
http://secunia.com/advisories/11438 | Exploit Vendor Advisory |
http://www.osvdb.org/5595 | |
http://www.securityfocus.com/bid/10182 | Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/15919 |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2004-04-20 04:00
Updated : 2024-02-28 10:24
NVD link : CVE-2004-1948
Mitre link : CVE-2004-1948
CVE.ORG link : CVE-2004-1948
JSON object : View
Products Affected
ncftp_software
- ncftp
CWE