PT-2005-1540 · Glftpd · Glftpd

Published: 2005-02-19 · Updated: 2017-07-11 · CVE-2005-0483

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Glftpd versions 1.26 through 2.00

Description: The issue allows remote authenticated users to determine the existence of arbitrary files, list files in restricted directories, or read arbitrary files from within ZIP or gzip files. This is achieved via .. (dot dot) sequences and globbing (*) characters in a SITE NFO command.

Recommendations: For Glftpd versions 1.26 through 2.00, consider restricting access to the SITE NFO command until a patch is available, and avoid using .. (dot dot) sequences and globbing (*) characters in this command to minimize the risk of exploitation.

Related identifiers

CVE-2005-0483

Affected products

Glftpd