Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.Install Now
Available for macOS, Windows, and Linux
tnftpd 'ftp://' Cross-Site Request Forgery Vulnerability
13 years ago
3 years ago
The host is running tnftpd server and is prone to Cross-Site Request Forgery vulnerability.
The flaw is due to the application truncating an overly long FTP command and improperly interpreting the remainder string as a new FTP command. This can be exploited via unknown vectors, probably involving a crafted 'ftp://' link to a tnftpd server.
NetBSD, tnftpd Version prior to 20080929
Upgrade to tnftpd version 20080929 or later.