Iglooftp: Security Vulnerabilities
IglooFTP 0.6.1, when recursively uploading a directory, allows local users to overwrite the files that are being uploaded by creating temporary files with names generated by the tmpnam function, before the files are opened by IglooFTP.
CVSS Score
2.1
EPSS Score
0.001
Published
2005-01-10
The download_selection_recursive() function in ftplist.c for IglooFTP 0.6.1 allows remote malicious FTP servers to overwrite arbitrary files via filenames that contain / (slash) characters.
CVSS Score
5.0
EPSS Score
0.004
Published
2005-01-10
Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers to execute arbitrary code via (1) a long FTP banner, or long responses to the client commands (2) USER, (3) PASS, (4) ACCT, and possibly other commands.
CVSS Score
7.5
EPSS Score
0.062
Published
2003-08-18