CyberSec.Space Logo
Back to CVE Browser

CVE-2000-0587

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1010%
EPSS Percentile16.10th
PublishedJun 26, 2000
Last ModifiedApr 16, 2026

Vulnerability Description

The privpath directive in glftpd 1.18 allows remote attackers to bypass access restrictions for directories by using the file name completion capability.

Affected Platforms (CPE)

πŸ“¦
Glftpd

Glftpd

= 1.18
πŸ“¦
Glftpd

Glftpd

= 1.19
πŸ“¦
Glftpd

Glftpd

= 1.20
πŸ“¦
Glftpd

Glftpd

= 1.21b1
πŸ“¦
Glftpd

Glftpd

= 1.21b2
πŸ“¦
Glftpd

Glftpd

= 1.21b3
πŸ“¦
Glftpd

Glftpd

= 1.21b4
πŸ“¦
Glftpd

Glftpd

= 1.21b5
πŸ“¦
Glftpd

Glftpd

= 1.21b6
πŸ“¦
Glftpd

Glftpd

= 1.21b7
πŸ“¦
Glftpd

Glftpd

= 1.21b8

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/bugtraq/2000-06/0317.html
πŸ”— http://www.securityfocus.com/bid/1401
πŸ”— http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10006261041360.31907-200000%40twix.thrijswijk.nl
πŸ”— http://archives.neohapsis.com/archives/bugtraq/2000-06/0317.html
πŸ”— http://www.securityfocus.com/bid/1401
πŸ”— http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10006261041360.31907-200000%40twix.thrijswijk.nl

Related Vulnerabilities

CVE-2000-004010.0

glFtpD allows local users to gain privileges via metacharacters in the SITE ZIPCHK command.

CVE-2021-316457.5

An issue was discovered in glFTPd 2.11a that allows remote attackers to cause a denial of service via exceeding the connection lim...

CVE-2000-00387.5

glFtpD includes a default glftpd user account with a default password and a UID of 0.

CVE-2006-12537.5

Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote attackers to bypass IP checks via a crafted DNS hostname, possib...