Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote attacker to cause a denial of service (crash) via a long PORT command.

automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux 5.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the names of files that are to be...

NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which dis...

Multiple buffer overflows in the POSIX readdir_r function, as used in multiple packages, allow local users to cause a denial of service and possibly execute arbitrary code via (1) a symlink attack tha...

The FTP backend for Duplicity before 0.4.9 sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments...