彙總 glftpd 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
歷史漏洞主要涉及 路徑處理缺陷與拒絕服務 等問題,部分漏洞可能導致 應用程式崩潰與檔案覆寫,並影響 軟體部署與生產負載 相關場景。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2021-31645 | An issue was discovered in glFTPd 2.11a that allows remote attackers to cause a denial of service via exceeding the connection limit. | [email protected] | 7.5 | 0.80% | 2022-07-07 | 2024-11-21 |
| CVE-2006-1253 | Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote attackers to bypass IP checks via a crafted DNS hostname, possibly a hostname that appears to be an IP address. | [email protected] | 7.5 | 0.35% | 2006-03-19 | 2026-04-16 |
| CVE-2005-0483 | Multiple directory traversal vulnerabilities in sitenfo.sh, sitezipchk.sh, and siteziplist.sh in Glftpd 1.26 to 2.00 allow remote authenticated users to (1) determine the existence of arbitrary files, (2) list files in restricted directories, or (3) read arbitrary files from within ZIP or gzip files, via .. (dot dot) sequences and globbing ("*") characters in a SITE NFO command. | [email protected] | 5.0 | 0.69% | 2005-03-30 | 2026-04-16 |
| CVE-2001-0965 | glFTPD 1.23 allows remote attackers to cause a denial of service (CPU consumption) via a LIST command with an argument that contains a large number of * (asterisk) characters. | [email protected] | 5.0 | 6.79% | 2001-08-31 | 2026-04-16 |
| CVE-2000-0587 | The privpath directive in glftpd 1.18 allows remote attackers to bypass access restrictions for directories by using the file name completion capability. | [email protected] | 10.0 | 0.40% | 2000-06-26 | 2026-04-16 |
| CVE-2000-0040 | glFtpD allows local users to gain privileges via metacharacters in the SITE ZIPCHK command. | [email protected] | 10.0 | 0.41% | 1999-12-23 | 2026-04-16 |
| CVE-2000-0038 | glFtpD includes a default glftpd user account with a default password and a UID of 0. | [email protected] | 7.5 | 2.98% | 1999-12-23 | 2026-04-16 |