tnftpd prior to 20080929 splits large command strings into multiple commands, which allows remote malicious users to conduct cross-site request forgery (CSRF) attacks via unknown vectors, probably involving a crafted ftp:// link to a tnftpd server.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
luke mewburn tnftpd 20061217 |
||
luke mewburn tnftpd 20040810 |
||
luke mewburn tnftpd 20080609 |