CVE-2004-1294
published 2005-01-10CVE-2004-1294: The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash)…
PriorityP419medium5CVSS 2.0
AVNACLAuNCNIPAN
EPSS
1.00%
58.4th percentile
The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash) characters.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tnftp | < tnftp 20050625-0.1 (bookworm) | tnftp 20050625-0.1 (bookworm) |
| luke_mewburn | tnftp | — | — |
| luke_mewburn | tnftp | >= 0 < 20050625-0.1 | 20050625-0.1 |
| luke_mewburn | tnftp | >= 0 < 20050625-0.1 | 20050625-0.1 |
| luke_mewburn | tnftp | >= 0 < 20050625-0.1 | 20050625-0.1 |
| luke_mewburn | tnftp | >= 0 < 20050625-0.1 | 20050625-0.1 |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
osv5.0MEDIUM
vendor_debian5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2004-1294: tnftp - The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to over...
vendor_debian·2004·CVSS 5.0
CVE-2004-1294 [MEDIUM] CVE-2004-1294: tnftp - The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to over...
The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash) characters.
Scope: local
bookworm: resolved (fixed in 20050625-0.1)
bullseye: resolved (fixed in 20050625-0.1)
forky: resolved (fixed in 20050625-0.1)
sid: resolved (fixed in 20050625-0.1)
trixie: resolved (fixed in 20050625-0.1)
GHSA
GHSA-rg94-3rvq-gh47: The mget function in cmds
ghsa_unreviewed·2022-04-29
CVE-2004-1294 [MEDIUM] GHSA-rg94-3rvq-gh47: The mget function in cmds
The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash) characters.
OSV
CVE-2004-1294: The mget function in cmds
osv·2005-01-10·CVSS 5.0
CVE-2004-1294 [MEDIUM] CVE-2004-1294: The mget function in cmds
The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash) characters.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2005-01-10
Published