CVE-2004-1948

Опубликовано: 20 апр. 2004

Источник: nvd

CVSS2: 4.6

EPSS Низкий

Описание

NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list.

Ссылки

http://marc.info/?l=bugtraq&m=108247943201685&w=2
http://secunia.com/advisories/11438
Exploit
Vendor Advisory
http://www.osvdb.org/5595
http://www.securityfocus.com/bid/10182
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15919
http://marc.info/?l=bugtraq&m=108247943201685&w=2
http://secunia.com/advisories/11438
Exploit
Vendor Advisory
http://www.osvdb.org/5595
http://www.securityfocus.com/bid/10182
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15919

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ncftp_software:ncftp:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ncftp_software:ncftp:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ncftp_software:ncftp:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ncftp_software:ncftp:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ncftp_software:ncftp:3.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ncftp_software:ncftp:3.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ncftp_software:ncftp:3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ncftp_software:ncftp:3.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ncftp_software:ncftp:3.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ncftp_software:ncftp:3.1.4:*:*:*:*:*:*:*

cpe:2.3:a:ncftp_software:ncftp:3.1.5:*:*:*:*:*:*:*

cpe:2.3:a:ncftp_software:ncftp:3.1.6:*:*:*:*:*:*:*

cpe:2.3:a:ncftp_software:ncftp:3.1.7:*:*:*:*:*:*:*

EPSS

Процентиль: 24%

0.00076

Низкий

4.6 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2004-1948

ubuntu

больше 21 года назад

CVE-2004-1948

debian

больше 21 года назад

NcFTP client 3.1.6 and 3.1.7, when the username and password are inclu ...

GHSA-9ww4-42mh-q457

github

больше 3 лет назад

EPSS

Процентиль: 24%

0.00076

Низкий

4.6 Medium

CVSS2

Дефекты

NVD-CWE-Other