CVE-2004-2488 Information

Description

Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated users to read or list arbitrary files via \C:\ sequences in the (1) RETR (get) (2) NLST (ls) (3) LIST (ls) (4) RNFR or (5) RNTO FTP commands.

Reference

http://secunia.com/advisories/11216 http://www.nexgenserver.com/cgi-bin/loadframe2.cgi?/History.html http://www.osvdb.org/4557 http://www.securityfocus.com/bid/9970 http://www.securitytracker.com/alerts/2004/Mar/1009545.html https://exchange.xforce.ibmcloud.com/vulnerabilities/15594