CVE-2004-2674

Name of the Vulnerable Software and Affected Versions ArGoSoft FTP Server versions prior to 1.4.1.6

Description The issue allows remote authenticated users to determine the existence of arbitrary files via ".." sequences in the SITE UNZIP argument. This can be exploited by including .. sequences in the argument to traverse directories and check for files outside the intended directory.

Recommendations For versions prior to 1.4.1.6, update to version 1.4.1.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the SITE UNZIP command until the update is applied.