Unrated severityNVD Advisory· Published Apr 20, 2004· Updated Apr 16, 2026
CVE-2004-1948
CVE-2004-1948
Description
NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list.
Affected products
13cpe:2.3:a:ncftp_software:ncftp:3.0.0:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:ncftp_software:ncftp:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ncftp_software:ncftp:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ncftp_software:ncftp:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ncftp_software:ncftp:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ncftp_software:ncftp:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ncftp_software:ncftp:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ncftp_software:ncftp:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ncftp_software:ncftp:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ncftp_software:ncftp:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ncftp_software:ncftp:3.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:ncftp_software:ncftp:3.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:ncftp_software:ncftp:3.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:ncftp_software:ncftp:3.1.7:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- secunia.com/advisories/11438nvdExploitVendor Advisory
- www.securityfocus.com/bid/10182nvdVendor Advisory
- marc.infonvd
- www.osvdb.org/5595nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/15919nvd
News mentions
0No linked articles in our index yet.