cbcvebase.
CVE-2004-1294
published 2005-01-10

CVE-2004-1294: The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash)…

PriorityP419medium5CVSS 2.0
AVNACLAuNCNIPAN
EPSS
1.00%
58.4th percentile
The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash) characters.

Affected

6 ranges
VendorProductVersion rangeFixed in
debiantnftp< tnftp 20050625-0.1 (bookworm)tnftp 20050625-0.1 (bookworm)
luke_mewburntnftp
luke_mewburntnftp>= 0 < 20050625-0.120050625-0.1
luke_mewburntnftp>= 0 < 20050625-0.120050625-0.1
luke_mewburntnftp>= 0 < 20050625-0.120050625-0.1
luke_mewburntnftp>= 0 < 20050625-0.120050625-0.1

CVSS provenance

nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
osv5.0MEDIUM
vendor_debian5.0MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.