CVE-2004-1948

Sažetak

NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list.

Reference

http://marc.info/?l=bugtraq&m=108247943201685&w=2
http://secunia.com/advisories/11438
http://www.osvdb.org/5595
http://www.securityfocus.com/bid/10182
https://exchange.xforce.ibmcloud.com/vulnerabilities/15919

CVSS

Base:	4.6
Impact:	6.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

11-07-2017 - 01:31

Objavljeno

20-04-2004 - 04:00