CVE-2004-2487 - Backboneless Greenwich

Description

Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated users to read or list arbitrary files via (1) ..\ (2) \..\\ (backslash dot dot) or (3) \/../\ sequences in (a) RETR (get) (b) NLST (ls) (c) LIST (ls) (d) RNFR or (e) RNTO FTP commands.

Reference

http://www.nexgenserver.com/cgi-bin/loadframe2.cgi?/History.html http://www.securityfocus.com/bid/9970 http://www.osvdb.org/4557 http://www.securitytracker.com/alerts/2004/Mar/1009545.html http://secunia.com/advisories/11216 https://exchange.xforce.ibmcloud.com/vulnerabilities/15594