Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities by net2ftp
CVE-2008-5275 (GCVE-0-2008-5275)
Vulnerability from nvd – Published: 2008-11-28 18:26 – Updated: 2024-08-07 10:49
VLAI
EPSS
VEX
Summary
Multiple directory traversal vulnerabilities in the (a) "Unzip archive" and (b) "Upload files and archives" functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, or delete arbitrary files via a .. (dot dot) in a filename within a (1) TAR or (2) ZIP archive. NOTE: this can be leveraged for code execution by creating a .php file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://vuln.sg/net2ftp096-en.html | x_refsource_MISC |
| http://www.securityfocus.com/bid/29664 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/30611 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2008-06-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:12.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "net2ftp-requesthandling-code-execution(42994)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42994"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://vuln.sg/net2ftp096-en.html"
},
{
"name": "29664",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29664"
},
{
"name": "30611",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30611"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in the (a) \"Unzip archive\" and (b) \"Upload files and archives\" functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, or delete arbitrary files via a .. (dot dot) in a filename within a (1) TAR or (2) ZIP archive. NOTE: this can be leveraged for code execution by creating a .php file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "net2ftp-requesthandling-code-execution(42994)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42994"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://vuln.sg/net2ftp096-en.html"
},
{
"name": "29664",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29664"
},
{
"name": "30611",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30611"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in the (a) \"Unzip archive\" and (b) \"Upload files and archives\" functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, or delete arbitrary files via a .. (dot dot) in a filename within a (1) TAR or (2) ZIP archive. NOTE: this can be leveraged for code execution by creating a .php file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "net2ftp-requesthandling-code-execution(42994)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42994"
},
{
"name": "http://vuln.sg/net2ftp096-en.html",
"refsource": "MISC",
"url": "http://vuln.sg/net2ftp096-en.html"
},
{
"name": "29664",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29664"
},
{
"name": "30611",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30611"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5275",
"datePublished": "2008-11-28T18:26:00.000Z",
"dateReserved": "2008-11-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:49:12.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5194 (GCVE-0-2006-5194)
Vulnerability from nvd – Published: 2006-10-06 21:00 – Updated: 2024-08-07 19:41
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in index.php in net2ftp 0.93 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/447535/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2006/3890 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/22255 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/20313 | vdb-entryx_refsource_BID |
Date Public
2006-10-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:04.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20061002 Re: net2ftp: a web based FTP client :) \u003c= Remote File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447535/100/0/threaded"
},
{
"name": "ADV-2006-3890",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3890"
},
{
"name": "22255",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22255"
},
{
"name": "20313",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20313"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in net2ftp 0.93 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20061002 Re: net2ftp: a web based FTP client :) \u003c= Remote File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447535/100/0/threaded"
},
{
"name": "ADV-2006-3890",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3890"
},
{
"name": "22255",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22255"
},
{
"name": "20313",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20313"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in net2ftp 0.93 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061002 Re: net2ftp: a web based FTP client :) \u003c= Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447535/100/0/threaded"
},
{
"name": "ADV-2006-3890",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3890"
},
{
"name": "22255",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22255"
},
{
"name": "20313",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20313"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5194",
"datePublished": "2006-10-06T21:00:00.000Z",
"dateReserved": "2006-10-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:41:04.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5097 (GCVE-0-2006-5097)
Vulnerability from nvd – Published: 2006-09-29 21:00 – Updated: 2024-08-07 19:41 Disputed
VLAI
EPSS
VEX
Summary
PHP remote file inclusion vulnerability in index.php in net2ftp, possibly 0.1 through 0.62, allows remote attackers to execute arbitrary PHP code via a URL in the application_rootdir parameter. NOTE: this issue has been disputed by a third party researcher, CVE, and the vendor. The vendor says "the variable is set in settings.inc.php, so this is not a vulnerability.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.net2ftp.org/forums/viewtopic.php?pid=6689 | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/447535/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.net2ftp.org/forums/viewtopic.php?pid=6676 | x_refsource_MISC |
| http://www.net2ftp.org/forums/viewtopic.php?pid=6687 | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/448037/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.attrition.org/pipermail/vim/2006-Octob… | mailing-listx_refsource_VIM |
| http://www.securityfocus.com/archive/1/447916/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securityreason.com/securityalert/1655 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/447156/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.attrition.org/pipermail/vim/2006-Octob… | mailing-listx_refsource_VIM |
Date Public
2006-09-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:04.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.net2ftp.org/forums/viewtopic.php?pid=6689"
},
{
"name": "20061002 Re: net2ftp: a web based FTP client :) \u003c= Remote File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447535/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.net2ftp.org/forums/viewtopic.php?pid=6676"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.net2ftp.org/forums/viewtopic.php?pid=6687"
},
{
"name": "20061009 Re: net2ftp: a web based FTP client :) \u003c= Remote File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/448037/100/0/threaded"
},
{
"name": "20061009 net2ftp: a web based FTP client :) \u003c= Remote File Inclusion (fwd)",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2006-October/001077.html"
},
{
"name": "20061006 Re: net2ftp Remote File Inclusion - bogus report",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447916/100/0/threaded"
},
{
"name": "net2ftp-index-file-include(29203)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29203"
},
{
"name": "1655",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1655"
},
{
"name": "20060926 net2ftp: a web based FTP client :) \u003c= Remote File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447156/100/0/threaded"
},
{
"name": "20061009 net2ftp: a web based FTP client :) \u003c= Remote File Inclusion (fwd)",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2006-October/001076.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in index.php in net2ftp, possibly 0.1 through 0.62, allows remote attackers to execute arbitrary PHP code via a URL in the application_rootdir parameter. NOTE: this issue has been disputed by a third party researcher, CVE, and the vendor. The vendor says \"the variable is set in settings.inc.php, so this is not a vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.net2ftp.org/forums/viewtopic.php?pid=6689"
},
{
"name": "20061002 Re: net2ftp: a web based FTP client :) \u003c= Remote File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447535/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.net2ftp.org/forums/viewtopic.php?pid=6676"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.net2ftp.org/forums/viewtopic.php?pid=6687"
},
{
"name": "20061009 Re: net2ftp: a web based FTP client :) \u003c= Remote File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/448037/100/0/threaded"
},
{
"name": "20061009 net2ftp: a web based FTP client :) \u003c= Remote File Inclusion (fwd)",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2006-October/001077.html"
},
{
"name": "20061006 Re: net2ftp Remote File Inclusion - bogus report",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447916/100/0/threaded"
},
{
"name": "net2ftp-index-file-include(29203)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29203"
},
{
"name": "1655",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1655"
},
{
"name": "20060926 net2ftp: a web based FTP client :) \u003c= Remote File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447156/100/0/threaded"
},
{
"name": "20061009 net2ftp: a web based FTP client :) \u003c= Remote File Inclusion (fwd)",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2006-October/001076.html"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** PHP remote file inclusion vulnerability in index.php in net2ftp, possibly 0.1 through 0.62, allows remote attackers to execute arbitrary PHP code via a URL in the application_rootdir parameter. NOTE: this issue has been disputed by a third party researcher, CVE, and the vendor. The vendor says \"the variable is set in settings.inc.php, so this is not a vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.net2ftp.org/forums/viewtopic.php?pid=6689",
"refsource": "MISC",
"url": "http://www.net2ftp.org/forums/viewtopic.php?pid=6689"
},
{
"name": "20061002 Re: net2ftp: a web based FTP client :) \u003c= Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447535/100/0/threaded"
},
{
"name": "http://www.net2ftp.org/forums/viewtopic.php?pid=6676",
"refsource": "MISC",
"url": "http://www.net2ftp.org/forums/viewtopic.php?pid=6676"
},
{
"name": "http://www.net2ftp.org/forums/viewtopic.php?pid=6687",
"refsource": "MISC",
"url": "http://www.net2ftp.org/forums/viewtopic.php?pid=6687"
},
{
"name": "20061009 Re: net2ftp: a web based FTP client :) \u003c= Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448037/100/0/threaded"
},
{
"name": "20061009 net2ftp: a web based FTP client :) \u003c= Remote File Inclusion (fwd)",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-October/001077.html"
},
{
"name": "20061006 Re: net2ftp Remote File Inclusion - bogus report",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447916/100/0/threaded"
},
{
"name": "net2ftp-index-file-include(29203)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29203"
},
{
"name": "1655",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1655"
},
{
"name": "20060926 net2ftp: a web based FTP client :) \u003c= Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447156/100/0/threaded"
},
{
"name": "20061009 net2ftp: a web based FTP client :) \u003c= Remote File Inclusion (fwd)",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-October/001076.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5097",
"datePublished": "2006-09-29T21:00:00.000Z",
"dateReserved": "2006-09-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:41:04.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5275 (GCVE-0-2008-5275)
Vulnerability from cvelistv5 – Published: 2008-11-28 18:26 – Updated: 2024-08-07 10:49
VLAI
EPSS
VEX
Summary
Multiple directory traversal vulnerabilities in the (a) "Unzip archive" and (b) "Upload files and archives" functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, or delete arbitrary files via a .. (dot dot) in a filename within a (1) TAR or (2) ZIP archive. NOTE: this can be leveraged for code execution by creating a .php file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://vuln.sg/net2ftp096-en.html | x_refsource_MISC |
| http://www.securityfocus.com/bid/29664 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/30611 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2008-06-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:12.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "net2ftp-requesthandling-code-execution(42994)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42994"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://vuln.sg/net2ftp096-en.html"
},
{
"name": "29664",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29664"
},
{
"name": "30611",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30611"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in the (a) \"Unzip archive\" and (b) \"Upload files and archives\" functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, or delete arbitrary files via a .. (dot dot) in a filename within a (1) TAR or (2) ZIP archive. NOTE: this can be leveraged for code execution by creating a .php file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "net2ftp-requesthandling-code-execution(42994)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42994"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://vuln.sg/net2ftp096-en.html"
},
{
"name": "29664",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29664"
},
{
"name": "30611",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30611"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in the (a) \"Unzip archive\" and (b) \"Upload files and archives\" functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, or delete arbitrary files via a .. (dot dot) in a filename within a (1) TAR or (2) ZIP archive. NOTE: this can be leveraged for code execution by creating a .php file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "net2ftp-requesthandling-code-execution(42994)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42994"
},
{
"name": "http://vuln.sg/net2ftp096-en.html",
"refsource": "MISC",
"url": "http://vuln.sg/net2ftp096-en.html"
},
{
"name": "29664",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29664"
},
{
"name": "30611",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30611"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5275",
"datePublished": "2008-11-28T18:26:00.000Z",
"dateReserved": "2008-11-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:49:12.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5194 (GCVE-0-2006-5194)
Vulnerability from cvelistv5 – Published: 2006-10-06 21:00 – Updated: 2024-08-07 19:41
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in index.php in net2ftp 0.93 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/447535/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2006/3890 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/22255 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/20313 | vdb-entryx_refsource_BID |
Date Public
2006-10-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:04.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20061002 Re: net2ftp: a web based FTP client :) \u003c= Remote File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447535/100/0/threaded"
},
{
"name": "ADV-2006-3890",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3890"
},
{
"name": "22255",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22255"
},
{
"name": "20313",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20313"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in net2ftp 0.93 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20061002 Re: net2ftp: a web based FTP client :) \u003c= Remote File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447535/100/0/threaded"
},
{
"name": "ADV-2006-3890",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3890"
},
{
"name": "22255",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22255"
},
{
"name": "20313",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20313"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in net2ftp 0.93 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061002 Re: net2ftp: a web based FTP client :) \u003c= Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447535/100/0/threaded"
},
{
"name": "ADV-2006-3890",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3890"
},
{
"name": "22255",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22255"
},
{
"name": "20313",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20313"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5194",
"datePublished": "2006-10-06T21:00:00.000Z",
"dateReserved": "2006-10-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:41:04.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5097 (GCVE-0-2006-5097)
Vulnerability from cvelistv5 – Published: 2006-09-29 21:00 – Updated: 2024-08-07 19:41 Disputed
VLAI
EPSS
VEX
Summary
PHP remote file inclusion vulnerability in index.php in net2ftp, possibly 0.1 through 0.62, allows remote attackers to execute arbitrary PHP code via a URL in the application_rootdir parameter. NOTE: this issue has been disputed by a third party researcher, CVE, and the vendor. The vendor says "the variable is set in settings.inc.php, so this is not a vulnerability.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.net2ftp.org/forums/viewtopic.php?pid=6689 | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/447535/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.net2ftp.org/forums/viewtopic.php?pid=6676 | x_refsource_MISC |
| http://www.net2ftp.org/forums/viewtopic.php?pid=6687 | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/448037/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.attrition.org/pipermail/vim/2006-Octob… | mailing-listx_refsource_VIM |
| http://www.securityfocus.com/archive/1/447916/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securityreason.com/securityalert/1655 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/447156/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.attrition.org/pipermail/vim/2006-Octob… | mailing-listx_refsource_VIM |
Date Public
2006-09-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:04.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.net2ftp.org/forums/viewtopic.php?pid=6689"
},
{
"name": "20061002 Re: net2ftp: a web based FTP client :) \u003c= Remote File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447535/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.net2ftp.org/forums/viewtopic.php?pid=6676"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.net2ftp.org/forums/viewtopic.php?pid=6687"
},
{
"name": "20061009 Re: net2ftp: a web based FTP client :) \u003c= Remote File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/448037/100/0/threaded"
},
{
"name": "20061009 net2ftp: a web based FTP client :) \u003c= Remote File Inclusion (fwd)",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2006-October/001077.html"
},
{
"name": "20061006 Re: net2ftp Remote File Inclusion - bogus report",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447916/100/0/threaded"
},
{
"name": "net2ftp-index-file-include(29203)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29203"
},
{
"name": "1655",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1655"
},
{
"name": "20060926 net2ftp: a web based FTP client :) \u003c= Remote File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447156/100/0/threaded"
},
{
"name": "20061009 net2ftp: a web based FTP client :) \u003c= Remote File Inclusion (fwd)",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2006-October/001076.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in index.php in net2ftp, possibly 0.1 through 0.62, allows remote attackers to execute arbitrary PHP code via a URL in the application_rootdir parameter. NOTE: this issue has been disputed by a third party researcher, CVE, and the vendor. The vendor says \"the variable is set in settings.inc.php, so this is not a vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.net2ftp.org/forums/viewtopic.php?pid=6689"
},
{
"name": "20061002 Re: net2ftp: a web based FTP client :) \u003c= Remote File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447535/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.net2ftp.org/forums/viewtopic.php?pid=6676"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.net2ftp.org/forums/viewtopic.php?pid=6687"
},
{
"name": "20061009 Re: net2ftp: a web based FTP client :) \u003c= Remote File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/448037/100/0/threaded"
},
{
"name": "20061009 net2ftp: a web based FTP client :) \u003c= Remote File Inclusion (fwd)",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2006-October/001077.html"
},
{
"name": "20061006 Re: net2ftp Remote File Inclusion - bogus report",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447916/100/0/threaded"
},
{
"name": "net2ftp-index-file-include(29203)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29203"
},
{
"name": "1655",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1655"
},
{
"name": "20060926 net2ftp: a web based FTP client :) \u003c= Remote File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447156/100/0/threaded"
},
{
"name": "20061009 net2ftp: a web based FTP client :) \u003c= Remote File Inclusion (fwd)",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2006-October/001076.html"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** PHP remote file inclusion vulnerability in index.php in net2ftp, possibly 0.1 through 0.62, allows remote attackers to execute arbitrary PHP code via a URL in the application_rootdir parameter. NOTE: this issue has been disputed by a third party researcher, CVE, and the vendor. The vendor says \"the variable is set in settings.inc.php, so this is not a vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.net2ftp.org/forums/viewtopic.php?pid=6689",
"refsource": "MISC",
"url": "http://www.net2ftp.org/forums/viewtopic.php?pid=6689"
},
{
"name": "20061002 Re: net2ftp: a web based FTP client :) \u003c= Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447535/100/0/threaded"
},
{
"name": "http://www.net2ftp.org/forums/viewtopic.php?pid=6676",
"refsource": "MISC",
"url": "http://www.net2ftp.org/forums/viewtopic.php?pid=6676"
},
{
"name": "http://www.net2ftp.org/forums/viewtopic.php?pid=6687",
"refsource": "MISC",
"url": "http://www.net2ftp.org/forums/viewtopic.php?pid=6687"
},
{
"name": "20061009 Re: net2ftp: a web based FTP client :) \u003c= Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448037/100/0/threaded"
},
{
"name": "20061009 net2ftp: a web based FTP client :) \u003c= Remote File Inclusion (fwd)",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-October/001077.html"
},
{
"name": "20061006 Re: net2ftp Remote File Inclusion - bogus report",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447916/100/0/threaded"
},
{
"name": "net2ftp-index-file-include(29203)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29203"
},
{
"name": "1655",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1655"
},
{
"name": "20060926 net2ftp: a web based FTP client :) \u003c= Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447156/100/0/threaded"
},
{
"name": "20061009 net2ftp: a web based FTP client :) \u003c= Remote File Inclusion (fwd)",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-October/001076.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5097",
"datePublished": "2006-09-29T21:00:00.000Z",
"dateReserved": "2006-09-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:41:04.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}