CVE-2005-0372
EPSS 4.1%gftp - missing input sanitising
Published: 5/2/2005Modified: 4/28/2026
Also known as:DEBIAN-CVE-2005-0372
Description
Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.
Affected packages (2)
- Debian/gftpfrom 0, < 2.0.18-1
- Debian/gftpfrom 0, < 2.0.11-1woody1