Max CVSS 10.0 Min CVSS 1.2 Total Count 238
ID CVSS Summary Last (major) update Published
CVE-2014-1215 4.6
Multiple buffer overflows in Core FTP Server before 1.2 build 508 allow local users to gain privileges via vectors related to reading data from config.dat and Windows Registry.
20-03-2018 - 17:29 20-03-2018 - 17:29
CVE-2016-8731 7.5
Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials would allow remote access to any cameras found on the internet that do not have port 50021 blocked by an intermediate device.
21-06-2017 - 15:29 21-06-2017 - 15:29
CVE-2017-7418 2.1
ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlin
11-04-2017 - 15:35 04-04-2017 - 13:59
CVE-2010-5298 4.0
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via
26-01-2017 - 15:00 14-04-2014 - 18:38
CVE-2014-3470 4.3
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereferen
18-01-2017 - 21:59 05-06-2014 - 17:55
CVE-2014-0224 6.8
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL
18-01-2017 - 21:59 05-06-2014 - 17:55
CVE-2014-0198 4.3
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL
18-01-2017 - 21:59 06-05-2014 - 06:44
CVE-2014-7169 10.0
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted enviro
06-01-2017 - 22:00 24-09-2014 - 21:55
CVE-2014-6271 10.0
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceComman
06-01-2017 - 22:00 24-09-2014 - 14:48
CVE-2014-0221 4.3
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS
06-01-2017 - 21:59 05-06-2014 - 17:55
CVE-2014-0195 6.8
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary c
06-01-2017 - 21:59 05-06-2014 - 17:55
CVE-2015-3306 10.0
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
02-01-2017 - 22:00 18-05-2015 - 11:59
CVE-2013-4359 5.0
Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to cause a denial of service (memory consumption) via a large response count value in an authentication request, which triggers a large memory allocation.
30-12-2016 - 21:59 30-09-2013 - 17:55
CVE-2006-3952 7.5
Stack-based buffer overflow in EFS Software Easy File Sharing FTP Server 2.0 allows remote attackers to execute arbitrary code via a long argument to the PASS command. NOTE: the provenance of this information is unknown; the details are obtained fro
07-12-2016 - 22:00 01-08-2006 - 17:04
CVE-2016-3125 5.0
The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecif
02-12-2016 - 22:26 05-04-2016 - 16:59
CVE-2006-5826 5.8
Buffer overflow in Texas Imperial Software WFTPD Pro Server 3.23.1.1 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via crafted APPE commands that contain "/" (slash) or "\" (backslash) ch
17-10-2016 - 23:41 09-11-2006 - 20:07
CVE-2006-2180 6.4
Buffer overflow in Golden FTP Server Pro 2.70 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long argument to the (1) NLST or (2) APPE commands, as demonstrated by the Infigo FTPStress Fuzzer
17-10-2016 - 23:39 04-05-2006 - 08:38
CVE-2006-2170 6.4
Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers to execute arbitrary code via Unicode in the RNTO command, as demonstrated by the Infigo FTPStress Fuzzer.
17-10-2016 - 23:39 04-05-2006 - 08:38
CVE-2006-0319 5.0
Directory traversal vulnerability in the FTP server (port 22003/tcp) in Farmers WIFE 4.4 SP1 allows remote attackers to create arbitrary files via ".." (dot dot) sequences in a (1) PUT, (2) SIZE, and possibly other commands.
17-10-2016 - 23:38 18-01-2006 - 20:03
CVE-2005-2727 5.0
Home Ftp Server 1.0.7 stores sensitive user information and server information in the same directory as the user's home directory, which allows remote authenticated users to obtain sensitive information by obtaining ftpmembers.lst and ftpsettings.lst
17-10-2016 - 23:29 30-08-2005 - 07:45
CVE-2005-2726 5.0
Directory traversal vulnerability in Home Ftp Server 1.0.7 allows remote authenticated users to read arbitrary files via "C:\" (Windows drive letter) sequences in commands such as (1) LIST or (2) RETR.
17-10-2016 - 23:29 30-08-2005 - 07:45
CVE-2005-2426 2.1
FTPshell Server 3.38 allows remote authenticated users to cause a denial of service (application crash) by multiple connections and disconnections without using the QUIT command.
17-10-2016 - 23:27 03-08-2005 - 00:00
CVE-2005-2390 6.4
Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive.
17-10-2016 - 23:26 27-07-2005 - 00:00
CVE-2005-2373 7.2
Buffer overflow in SlimFTPd 3.15 and 3.16 allows remote authenticated users to execute arbitrary code via a long directory name to (1) LIST, (2) DELE or (3) RNFR commands.
17-10-2016 - 23:26 26-07-2005 - 00:00
CVE-2005-2159 5.0
mshftp.dll in PlanetDNS PlanetFileServer 2.0.1.3 allows remote attackers to cause a denial of service (application crash) via a long request.
17-10-2016 - 23:25 06-07-2005 - 00:00
CVE-2005-2085 5.0
Buffer overflow in Inframail Advantage Server Edition 6.0 through 6.7 allows remote attackers to cause a denial of service (process crash) via a long (1) SMTP FROM field or possibly (2) FTP NLST command.
17-10-2016 - 23:24 05-07-2005 - 00:00
CVE-2005-1484 5.0
Directory traversal vulnerability in Golden FTP server pro 2.52 allows remote attackers to read arbitrary files via a "\.." (backward slash dot dot) with a leading '"' (double quote) in the GET command.
17-10-2016 - 23:20 11-05-2005 - 00:00
CVE-2005-1480 5.0
Directory traversal vulnerability in RaidenFTPD before 2.4.2241 allows remote attackers to read arbitrary files via a "..\\" (dot dot backslash) in the urlget site command.
17-10-2016 - 23:19 11-05-2005 - 00:00
CVE-2005-1078 7.5
XAMPP 1.4.x has multiple default or null passwords, which allows attackers to gain privileges.
17-10-2016 - 23:17 12-04-2005 - 00:00
CVE-2005-1034 5.0
SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command.
17-10-2016 - 23:16 02-05-2005 - 00:00
CVE-2005-0779 5.0
PlatinumFTP 1.0.18, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via multiple connection attempts with a \ (backslash) in the username.
17-10-2016 - 23:14 02-05-2005 - 00:00
CVE-2005-0419 7.5
Multiple heap-based buffer overflows in 3Com 3CServer allow remote authenticated users to execute arbitrary code via long FTP commands, as demonstrated using the STAT command.
17-10-2016 - 23:11 27-04-2005 - 00:00
CVE-2005-0312 2.1
WarFTPD 1.82 RC9, when running as an NT service, allows remote authenticated users to cause a denial of service (access violation) via a CWD command with a crafted pathname, as demonstrated using a large string of "%s" sequences, possibly indicating
17-10-2016 - 23:10 27-01-2005 - 00:00
CVE-2005-0278 5.0
The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to gain sensitive information via a cd command that contains an MS-DOS device name, which reveals the installation path in an error message.
17-10-2016 - 23:09 02-05-2005 - 00:00
CVE-2005-0277 5.0
Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via (1) a long username in the USER command or (2) an FTP command that contains a
17-10-2016 - 23:09 02-05-2005 - 00:00
CVE-2005-0276 5.0
Multiple format string vulnerabilities in the FTP service in 3Com 3CDaemon 2.0 revision 10 allow remote attackers to cause a denial of service (application crash) via format string specifiers in (1) the username, (2) cd, (3) delete, (4) rename, (5) r
17-10-2016 - 23:09 02-05-2005 - 00:00
CVE-2004-2111 8.5
Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename.
17-10-2016 - 23:06 31-12-2004 - 00:00
CVE-2004-1885 7.2
Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify certain iFtpSvc options that are handled by iftpmgr.exe.
17-10-2016 - 23:02 31-12-2004 - 00:00
CVE-2004-1884 7.5
Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access.
17-10-2016 - 23:02 23-03-2004 - 00:00
CVE-2004-1883 7.2
Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow remote authenticated users to execute arbitrary code by causing a large error string to be generated by the ALLO handler, or (2) may allow remote FTP administrators to execute arbitr
17-10-2016 - 23:02 31-12-2004 - 00:00
CVE-2004-1848 5.0
Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial of service (disk consumption) and bypass file size restrictions via a REST command with a large size argument, followed by a STOR of a smaller file.
17-10-2016 - 23:01 31-12-2004 - 00:00
CVE-2004-1679 5.0
Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote attackers to create arbitrary files via a .../ (triple dot) in the (1) CWD, (2) STOR, or (3) RETR commands.
17-10-2016 - 22:59 04-08-2004 - 00:00
CVE-2004-1675 5.0
Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX.
17-10-2016 - 22:58 11-09-2004 - 00:00
CVE-2004-1643 5.0
WS_FTP 5.0.2 allows remote authenticated users to cause a denial of service (CPU consumption) via a CD command that contains an invalid path with a "../" sequence.
17-10-2016 - 22:58 29-08-2004 - 00:00
CVE-2004-1641 5.0
Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote attackers to cause a denial of service (crash) via a long FTP command such as (1) CWD, (2) STAT, or (3) LIST.
17-10-2016 - 22:58 29-08-2004 - 00:00
CVE-2004-1626 5.0
Buffer overflow in Ability Server 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long STOR command.
17-10-2016 - 22:57 22-10-2004 - 00:00
CVE-2004-1602 5.0
ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.
17-10-2016 - 22:57 15-10-2004 - 00:00
CVE-2004-1428 5.0
ArGoSoft FTP before 1.4.2.1 generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid usernames.
17-10-2016 - 22:54 31-12-2004 - 00:00
CVE-2004-1135 5.0
Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial of service (service crash) via long (1) SITE, (2) XMKD, (3) MKD, and (4) RNFR commands.
17-10-2016 - 22:51 10-01-2005 - 00:00
CVE-2004-0342 2.1
WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie wit
17-10-2016 - 22:44 23-11-2004 - 00:00
CVE-2004-0341 2.1
WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a 0Ah byte (newline) is sent, which allows local users to cause a denial of service (CPU consumption) by continuing to send a long command that does not contain a newline.
17-10-2016 - 22:44 23-11-2004 - 00:00
CVE-2004-0340 7.2
Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro Server 3.20 Release 2, Server 3.21 Release 1, and Server 3.10 allows local users to execute arbitrary code via long (1) LIST, (2) NLST, or (3) STAT commands.
17-10-2016 - 22:44 23-11-2004 - 00:00
CVE-2004-0330 10.0
Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command.
17-10-2016 - 22:44 23-11-2004 - 00:00
CVE-2004-0325 2.1
TYPSoft FTP Server 1.10 allows remote authenticated users to cause a denial of service (CPU consumption) via "//../" arguments to (1) mkd, (2) xmkd, (3) dele, (4) size, (5) retr, (6) stor, (7) appe, (8) rnfr, (9) rnto, (10) rmd, or (11) xrmd, as demo
17-10-2016 - 22:43 31-12-2004 - 00:00
CVE-2004-0299 2.1
Buffer overflow in smallftpd 0.99 allows local users to cause a denial of service (crash) via an FTP request with a large number of "/" (slash) characters.
17-10-2016 - 22:43 23-11-2004 - 00:00
CVE-2004-0298 5.0
CesarFTP 0.99e allows remote attackers to cause a denial of service (CPU consumption) via a long RETR parameter.
17-10-2016 - 22:43 23-11-2004 - 00:00
CVE-2004-0287 5.0
Xlight FTP server 1.52 allows remote authenticated users to cause a denial of service (crash) via a RETR command with a long argument containing a large number of / (slash) characters, possibly triggering a buffer overflow.
17-10-2016 - 22:43 23-11-2004 - 00:00
CVE-2004-0282 5.0
Crob FTP daemon 3.5.2 allows remote attackers to cause a denial of service (crash) by repeatedly connecting to and disconnecting from the server.
17-10-2016 - 22:43 23-11-2004 - 00:00
CVE-2004-0255 5.0
Xlight 1.52, with log to screen enabled, allows remote attackers to cause a denial of service by requesting a long directory consisting of . (dot) and / (slash) characters, which causes the server to crash when the administrator views the log file, p
17-10-2016 - 22:42 23-11-2004 - 00:00
CVE-2004-0252 5.0
TYPSoft FTP Server 1.10 allows remote attackers to cause a denial of service (CPU consumption) via an empty USER name.
17-10-2016 - 22:42 23-11-2004 - 00:00
CVE-2004-0148 7.2
wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.
17-10-2016 - 22:41 15-04-2004 - 00:00
CVE-2003-0831 9.0
ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files.
17-10-2016 - 22:37 17-11-2003 - 00:00
CVE-2003-0466 10.0
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to tr
17-10-2016 - 22:34 27-08-2003 - 00:00
CVE-2003-0392 6.4
Directory traversal vulnerability in ST FTP Service 3.0 allows remote attackers to list arbitrary directories via a CD command with a DOS drive letter argument (e.g. E:).
17-10-2016 - 22:33 02-07-2003 - 00:00
CVE-2003-0343 4.6
BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, generates an "Account does not exist" error message when an invalid username is entered, which makes it easier for remote attackers to conduct brute force attacks.
17-10-2016 - 22:32 21-05-2003 - 00:00
CVE-2003-0329 4.6
CesarFTP 0.99g stores user names and passwords in plaintext in the settings.ini file, which could allow local users to gain privileges.
17-10-2016 - 22:32 09-06-2003 - 00:00
CVE-2003-0271 7.5
Buffer overflow in Personal FTP Server allows remote attackers to execute arbitrary code via a long USER argument.
17-10-2016 - 22:31 27-05-2003 - 00:00
CVE-2002-2300 7.5
Buffer overflow in ftpd 5.4 in 3Com NBX 4.0.17 or ftpd 5.4.2 in 3Com NBX 4.1.4 allows remote attackers to cause a denial of service (crash) via a long CEL command.
17-10-2016 - 22:28 31-12-2002 - 00:00
CVE-2002-0073 5.0
The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters.
17-10-2016 - 22:15 22-04-2002 - 00:00
CVE-2001-0550 7.5
wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).
17-10-2016 - 22:11 30-11-2001 - 00:00
CVE-2001-0318 7.5
Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd).
17-10-2016 - 22:10 02-06-2001 - 00:00
CVE-2001-0295 5.0
Directory traversal vulnerability in War FTP 1.67.04 allows remote attackers to list directory contents and possibly read files via a "dir *./../.." command.
17-10-2016 - 22:10 03-05-2001 - 00:00
CVE-2001-0054 5.0
Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD command, a variant of a .. (dot dot) attack.
17-10-2016 - 22:09 16-02-2001 - 00:00
CVE-2000-1035 10.0
Buffer overflows in TYPSoft FTP Server 0.78 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary commands via a long USER, PASS, or CWD command.
17-10-2016 - 22:08 11-12-2000 - 00:00
CVE-2000-0573 10.0
The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.
17-10-2016 - 22:07 07-07-2000 - 00:00
CVE-2000-0479 5.0
Dragon FTP server allows remote attackers to cause a denial of service via a long USER command.
17-10-2016 - 22:07 16-06-2000 - 00:00
CVE-2000-0131 5.0
Buffer overflow in War FTPd 1.6x allows users to cause a denial of service via long MKD and CWD commands.
17-10-2016 - 22:06 01-02-2000 - 00:00
CVE-1999-1326 5.0
wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote attackers to read arbitrary f
17-10-2016 - 22:02 04-07-1997 - 00:00
CVE-1999-1058 7.5
Buffer overflow in Vermillion FTP Daemon VFTPD 1.23 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via several long CWD commands.
17-10-2016 - 22:00 22-11-1999 - 00:00
CVE-1999-0219 7.8
Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to cause a denial of service (crash) via a long (1) CWD or (2) LS (list) command.
17-10-2016 - 21:59 01-07-1997 - 00:00
CVE-2015-3968 7.5
The FTP service on Janitza UMG 508, 509, 511, 604, and 605 devices has a default password, which makes it easier for remote attackers to read or write to files via a session on TCP port 21.
28-10-2015 - 16:57 28-10-2015 - 06:59
CVE-1999-0349 7.5
A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands.
03-08-2015 - 14:29 27-01-1999 - 00:00
CVE-2014-1443 4.0
Core FTP Server 1.2 before build 515 allows remote authenticated users to obtain sensitive information (password for the previous user) via a USER command with a specific length, possibly related to an out-of-bounds read.
02-05-2014 - 11:21 01-05-2014 - 21:59
CVE-2014-1442 4.0
Directory traversal vulnerability in Core FTP Server 1.2 before build 515 allows remote authenticated users to determine the existence of arbitrary files via a /../ sequence in an XCRC command.
02-05-2014 - 11:19 01-05-2014 - 21:59
CVE-2014-1441 4.3
Core FTP Server 1.2 before build 515 allows remote attackers to cause a denial of service (reachable assertion and crash) via an AUTH SSL command with malformed data, as demonstrated by pressing the enter key twice.
02-05-2014 - 11:11 01-05-2014 - 21:59
CVE-2013-2278 10.0
Unspecified vulnerability in War FTP Daemon (warftpd) 1.82, when running as a Windows service, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to log messages and the "inter
01-04-2014 - 07:13 31-03-2014 - 23:24
CVE-2011-1575 5.8
The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed
20-02-2014 - 23:41 23-05-2011 - 18:55
CVE-2011-0762 4.0
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions
20-02-2014 - 23:40 02-03-2011 - 15:00
CVE-2001-0187 10.0
Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment.
13-09-2013 - 00:13 26-03-2001 - 00:00
CVE-2008-1668 10.0
ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remot
17-07-2013 - 11:41 13-08-2008 - 14:41
CVE-2012-4729 6.8
Wing FTP Server before 4.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via two zip commands.
01-03-2013 - 23:46 26-10-2012 - 06:39
CVE-2012-5301 5.0
The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and performing a brute-force attack on the en
13-02-2013 - 23:57 04-10-2012 - 15:55
CVE-2012-2999 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Server before 5.0.5.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user account or (2) reconfigure th
06-02-2013 - 23:56 04-10-2012 - 15:55
CVE-2012-5329 4.0
Buffer overflow in TYPSoft FTP Server 1.1 allows remote authenticated users to cause a denial of service (application crash) via a long string in an APPE command.
25-01-2013 - 23:58 08-10-2012 - 19:55
CVE-2012-6095 1.2
ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.
25-01-2013 - 00:00 24-01-2013 - 16:55
CVE-2012-6339 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Lo
31-12-2012 - 00:00 31-12-2012 - 06:50
CVE-2012-3292 7.6
The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that doe
07-09-2012 - 00:30 07-06-2012 - 16:55
CVE-2011-4130 9.0
Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.
08-12-2011 - 00:00 06-12-2011 - 06:55
CVE-2010-4221 10.0
Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.
14-09-2011 - 23:18 09-11-2010 - 16:00
CVE-2010-3867 7.1
Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequence
14-09-2011 - 23:17 09-11-2010 - 16:00
CVE-2011-1137 5.0
Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.
06-09-2011 - 23:15 11-03-2011 - 12:55
CVE-2009-3023 9.3
Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption,
24-06-2011 - 00:00 31-08-2009 - 16:30
CVE-2010-4652 6.8
Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted usernam
17-03-2011 - 22:56 01-02-2011 - 20:00
CVE-2008-7265 4.0
The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer.
17-03-2011 - 22:35 09-11-2010 - 16:00
CVE-2008-5692 5.0
Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp wit
07-03-2011 - 22:14 19-12-2008 - 13:30
CVE-2008-4501 9.0
Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\ (dot dot backslash) in the RNTO command.
07-03-2011 - 22:12 08-10-2008 - 20:00
CVE-2008-4500 4.0
Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using "con:1".
07-03-2011 - 22:12 08-10-2008 - 20:00
CVE-2008-0608 5.0
The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in IPSwitch WS_FTP 6.1 allows remote attackers to cause a denial of service (loss of responsiveness) via a large number of large packets to port 5151/udp, which causes the listening socket to te
07-03-2011 - 22:04 06-02-2008 - 07:00
CVE-2008-0590 9.0
Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long opendir command.
07-03-2011 - 22:04 05-02-2008 - 07:00
CVE-2007-2165 5.1
The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow rem
07-03-2011 - 21:53 22-04-2007 - 15:19
CVE-2006-6624 4.0
The FTP Server in Sambar Server 6.4 allows remote authenticated users to cause a denial of service (application crash) via a long series of "./" sequences in the SIZE command.
07-03-2011 - 21:46 18-12-2006 - 06:28
CVE-2006-6563 6.6
Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value.
07-03-2011 - 21:46 15-12-2006 - 06:28
CVE-2006-6558 5.0
Crob FTP Server 3.6.1 b.263 allows remote attackers to cause a denial of service via a long series of "?A" sequences in the (1) LIST and possibly (2) NLST command.
07-03-2011 - 21:46 14-12-2006 - 13:28
CVE-2006-6170 7.5
Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerabi
07-03-2011 - 21:45 30-11-2006 - 10:28
CVE-2006-2961 7.5
Stack-based buffer overflow in CesarFTP 0.99g and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MKD command. NOTE: the provenance of this information is unknown; the d
07-03-2011 - 21:37 12-06-2006 - 16:06
CVE-2006-2225 7.5
Buffer overflow in XM Easy Personal FTP Server 4.3 and earlier allows remote attackers to execute arbitrary code, probably via a USER command with a long username.
07-03-2011 - 21:35 05-05-2006 - 15:02
CVE-2006-2172 7.5
Buffer overflow in Gene6 FTP Server 3.1.0 allows remote authenticated attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to (1) MKD or (2) XMKD, as demonstrated by the Infigo FTPStress Fuzzer.
07-03-2011 - 21:35 04-05-2006 - 08:38
CVE-2005-3812 6.8
freeFTPd 1.0.10 allows remote authenticated users to cause a denial of service (null dereference and crash) via a PORT command with missing arguments.
07-03-2011 - 21:27 25-11-2005 - 21:03
CVE-2005-1646 7.5
The default installation of Fastream NETFile FTP/Web Server 7.4.6, which supports FXP, does not require that the IP address in a PORT command be the same as the IP of the logged in user, which allows remote attackers to conduct FTP Bounce attacks to
07-03-2011 - 21:22 18-05-2005 - 00:00
CVE-2005-1323 7.5
Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote attackers to execute arbitrary code via a long USER command.
07-03-2011 - 21:21 02-05-2005 - 00:00
CVE-2005-0634 7.5
Buffer overflow in Golden FTP Server 1.92 allows remote attackers to execute arbitrary code via a long USER command.
07-03-2011 - 21:20 02-05-2005 - 00:00
CVE-2001-0247 10.0
Buffer overflows in BSD-based FTP servers allow remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functi
07-03-2011 - 21:05 18-06-2001 - 00:00
CVE-2006-5815 10.0
Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."
07-03-2011 - 00:00 08-11-2006 - 18:07
CVE-2005-0256 5.0
The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir com
07-03-2011 - 00:00 02-05-2005 - 00:00
CVE-2005-3294 5.0
Typsoft FTP Server 1.11, with "Sub Directory Include" enabled, allows remote attackers to cause a denial of service (crash) by sending multiple RETR commands. NOTE: it was later reported that 1.10 is also affected.
26-01-2011 - 00:00 23-10-2005 - 17:02
CVE-2011-0507 4.3
FTPService.exe in Blackmoon FTP 3.1 Build 1735 and Build 1736 (3.1.7.1736), and possibly other versions before 3.1.8.1737, allows remote attackers to cause a denial of service (crash) via a large number of PORT commands with long arguments, which tri
21-01-2011 - 00:00 20-01-2011 - 14:00
CVE-2009-4006 10.0
Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.
21-08-2010 - 00:00 20-11-2009 - 06:30
CVE-2004-2769 4.0
Cerberus FTP Server before 4.0.3.0 allows remote authenticated users to list hidden files, even when the "Display hidden files" option is enabled, via the (1) MLSD or (2) MLST commands.
06-07-2010 - 00:00 02-07-2010 - 16:30
CVE-2009-4873 10.0
Stack-based buffer overflow in the HTTP server in Rhino Software Serv-U Web Client 9.0.0.5 allows remote attackers to cause a denial of service (server crash) or execute arbitrary code via a long Session cookie.
26-05-2010 - 00:00 26-05-2010 - 14:30
CVE-2009-0967 4.0
The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument.
27-04-2010 - 15:24 19-03-2009 - 06:30
CVE-2009-1031 7.8
Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \.. (backslash dot dot) in an MKD request.
27-04-2010 - 15:23 19-03-2009 - 20:30
CVE-2008-3731 4.0
Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging.
27-04-2010 - 15:07 20-08-2008 - 12:41
CVE-2009-4815 4.0
Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors.
27-04-2010 - 14:45 27-04-2010 - 11:30
CVE-2004-2533 5.0
Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause a denial of service (application crash) via a SITE CHMOD command with a "\\...\" followed by a short string, causing partial memory corruption, a different vulnerability than CVE-2
27-04-2010 - 00:00 31-12-2004 - 00:00
CVE-2009-4795 6.8
Multiple SQL injection vulnerabilities in Xlight FTP Server before 3.2.1, when ODBC authentication is enabled, allow remote attackers to execute arbitrary SQL commands via the (1) USER (aka username) or (2) PASS (aka password) command.
23-04-2010 - 00:00 22-04-2010 - 10:30
CVE-2010-0501 6.8
Directory traversal vulnerability in FTP Server in Apple Mac OS X Server before 10.6.3 allows remote authenticated users to read arbitrary files via crafted filenames.
31-03-2010 - 00:00 30-03-2010 - 14:30
CVE-2009-3639 5.8
The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, w
19-12-2009 - 01:58 28-10-2009 - 10:30
CVE-2009-4105 3.5
TYPSoft FTP Server 1.10 allows remote authenticated users to cause a denial of service (crash) by sending an APPE (append) command immediately followed by a DELE (delete) command without sending file data in between these two commands.
30-11-2009 - 00:00 29-11-2009 - 08:08
CVE-2008-6082 5.0
Titan FTP Server 6.26 build 630 allows remote attackers to cause a denial of service (CPU consumption) via the SITE WHO command.
20-08-2009 - 01:24 06-02-2009 - 06:30
CVE-2009-1668 4.0
TYPSoft FTP Server 1.11 allows remote attackers to cause a denial of service (CPU consumption) by sending an ABOR (abort) command without an active file transfer.
10-06-2009 - 00:00 18-05-2009 - 14:30
CVE-2009-0543 6.8
ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.
09-06-2009 - 01:32 12-02-2009 - 11:30
CVE-2009-0542 7.5
SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution
09-06-2009 - 01:32 12-02-2009 - 11:30
CVE-2001-0582 4.6
Ben Spink CrushFTP FTP Server 2.1.6 and earlier allows a local attacker to access arbitrary files via a '..' (dot dot) attack, or variations, in (1) GET, (2) CD, (3) NLST, (4) SIZE, (5) RETR.
03-04-2009 - 00:08 22-08-2001 - 00:00
CVE-2008-4242 6.8
ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing ses
06-03-2009 - 01:44 25-09-2008 - 15:25
CVE-2008-5693 5.0
Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character.
18-02-2009 - 01:25 19-12-2008 - 13:30
CVE-2002-0126 7.5
Buffer overflow in BlackMoon FTP Server 1.0 through 1.5 allows remote attackers to execute arbitrary code via a long argument to (1) USER, (2) PASS, or (3) CWD.
10-09-2008 - 20:00 25-03-2002 - 00:00
CVE-2005-1873 7.5
Multiple buffer overflows in Crob FTP 3.6.1, and possibly earlier versions, allow remote attackers to execute arbitrary code via (1) an FTP command with a large string followed by the RMD command with a long string or (2) a globbing ("*") character f
10-09-2008 - 15:40 09-06-2005 - 00:00
CVE-2005-0519 10.0
ArGoSoft FTP Server before 1.4.2.7 allows remote attackers to read arbitrary files by uploading a ZIP file containing a shortcut (.LNK) file, using SITE UNZIP to extract the .LNK file onto the server, then accessing the file, a different vulnerabilit
10-09-2008 - 15:36 18-02-2005 - 00:00
CVE-2004-0698 3.6
4D WebSTAR 5.3.2 and earlier allows local users to read and modify arbitrary files via a symlink attack.
10-09-2008 - 15:27 27-07-2004 - 00:00
CVE-2004-0695 7.5
Stack-based buffer overflow in the FTP service for 4D WebSTAR 5.3.2 and earlier allows remote attackers to execute arbitrary code via a long FTP command.
10-09-2008 - 15:27 27-07-2004 - 00:00
CVE-2004-0376 5.0
oftpd 0.3.6 and earlier allows remote attackers to cause a denial of service (crash) via a PORT command with a large value.
10-09-2008 - 15:26 04-05-2004 - 00:00
CVE-2003-0854 2.1
ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.
10-09-2008 - 15:20 17-11-2003 - 00:00
CVE-2003-0853 5.0
An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.
10-09-2008 - 15:20 17-11-2003 - 00:00
CVE-2002-0826 7.5
Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated users to execute arbitrary code via a long SITE CPWD command.
10-09-2008 - 15:12 12-08-2002 - 00:00
CVE-2001-1336 7.5
CesarFTP 0.98b and earlier stores usernames and passwords in plaintext in the settings.ini file, which allows attackers to gain privileges.
10-09-2008 - 15:10 28-05-2001 - 00:00
CVE-2001-1335 5.0
Directory traversal vulnerability in CesarFTP 0.98b and earlier allows remote authenticated users (such as anonymous) to read arbitrary files via a GET with a filename that contains a ...%5c (modified dot dot).
10-09-2008 - 15:10 27-05-2001 - 00:00
CVE-2001-0935 7.5
Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550.
10-09-2008 - 15:09 28-11-2001 - 00:00
CVE-2001-0826 7.5
Buffer overflows in CesarFTPD 0.98b allow remote attackers to execute arbitrary commands via long arguments to (1) HELP, (2) USER, (3) PASS, (4) PORT, (5) DELE, (6) REST, (7) RMD, or (8) MKD.
10-09-2008 - 15:09 06-12-2001 - 00:00
CVE-2001-0249 10.0
Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings.
10-09-2008 - 15:07 18-06-2001 - 00:00
CVE-2001-0248 10.0
Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings.
10-09-2008 - 15:07 18-06-2001 - 00:00
CVE-2000-0648 5.0
WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of service by executing the RENAME TO (RNTO) command before a RENAME FROM (RNFR) command.
10-09-2008 - 15:05 11-07-2000 - 00:00
CVE-2000-0647 5.0
WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing an MLST command before logging into the server.
10-09-2008 - 15:05 21-07-2000 - 00:00
CVE-2000-0574 5.0
FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of s
10-09-2008 - 15:05 07-07-2000 - 00:00
CVE-2000-0176 5.0
The default configuration of Serv-U 2.5d and earlier allows remote attackers to determine the real pathname of the server by requesting a URL for a directory or file that does not exist.
10-09-2008 - 15:03 29-02-2000 - 00:00
CVE-1999-0955 7.6
Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command.
09-09-2008 - 08:36 23-09-1997 - 00:00
CVE-1999-0950 10.0
Buffer overflow in WFTPD FTP server allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
09-09-2008 - 08:36 28-10-1999 - 00:00
CVE-1999-0911 10.0
Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
09-09-2008 - 08:36 27-08-1999 - 00:00
CVE-1999-0880 5.0
Denial of service in WU-FTPD via the SITE NEWER command, which does not free memory properly.
09-09-2008 - 08:36 01-10-1999 - 00:00
CVE-1999-0879 10.0
Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file.
09-09-2008 - 08:36 01-10-1999 - 00:00
CVE-1999-0878 10.0
Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR.
09-09-2008 - 08:36 22-08-1999 - 00:00
CVE-1999-0838 5.0
Buffer overflow in Serv-U FTP 2.5 allows remote users to conduct a denial of service via the SITE command.
09-09-2008 - 08:36 01-12-1999 - 00:00
CVE-1999-0789 10.0
Buffer overflow in AIX ftpd in the libc library.
09-09-2008 - 08:35 28-09-1999 - 00:00
CVE-1999-0546 4.6
The Windows NT guest account is enabled.
09-09-2008 - 08:34 01-10-1998 - 00:00
CVE-1999-0502 7.5
A Unix account has a default, null, blank, or missing password.
09-09-2008 - 08:34 01-03-1998 - 00:00
CVE-1999-0368 10.0
Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
09-09-2008 - 08:34 09-02-1999 - 00:00
CVE-1999-0362 5.0
WS_FTP server remote denial of service through cwd command.
09-09-2008 - 08:34 02-02-1999 - 00:00
CVE-1999-0256 7.5
Buffer overflow in War FTP allows remote execution of commands.
09-09-2008 - 08:34 01-02-1998 - 00:00
CVE-1999-0201 6.4
A quote cwd command on FTP servers can reveal the full path of the home directory of the "ftp" user.
09-09-2008 - 08:34 01-01-1997 - 00:00
CVE-1999-0082 10.0
CWD ~root command in ftpd allows root access.
09-09-2008 - 08:33 11-11-1988 - 00:00
CVE-1999-0081 5.0
wu-ftp allows files to be overwritten via the rnfr command.
09-09-2008 - 08:33 11-01-1997 - 00:00
CVE-1999-0080 10.0
Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command.
09-09-2008 - 08:33 30-11-1995 - 00:00
CVE-1999-0079 5.0
Remote attackers can cause a denial of service in FTP by issuing multiple PASV commands, causing the server to run out of available ports.
09-09-2008 - 08:33 12-09-1997 - 00:00
CVE-1999-0075 5.0
PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV command after specifying a username and password.
09-09-2008 - 08:33 16-10-1996 - 00:00
CVE-1999-0017 7.5
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.
09-09-2008 - 08:33 10-12-1997 - 00:00
CVE-2008-1221 5.0
Absolute path traversal vulnerability in the FTP server in MicroWorld eScan Corporate Edition 9.0.742.98 and eScan Management Console (aka eScan Server) 9.0.742.1 allows remote attackers to read arbitrary files via an absolute pathname in the RETR (g
05-09-2008 - 17:37 10-03-2008 - 13:44
CVE-2006-6171 7.5
** DISPUTED ** ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSiz
05-09-2008 - 17:14 30-11-2006 - 10:28
CVE-2006-5569 6.4
FtpXQ Server 3.0.1 installs with two default testing accounts, which allows remote attackers to read or write arbitrary files via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party informa
05-09-2008 - 17:12 27-10-2006 - 12:07
CVE-2006-1693 5.0
Unspecified vulnerability in GlobalSCAPE Secure FTP Server before 3.1.4 Build 01.10.2006 allows attackers to cause a denial of service (application crash) via a "custom command" with a long argument.
05-09-2008 - 17:02 11-04-2006 - 06:02
CVE-2005-4553 7.5
Buffer overflow in Golden FTP Server 1.92 allows remote attackers to execute arbitrary code via a long APPE command. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
05-09-2008 - 16:57 28-12-2005 - 06:03
CVE-2005-2850 5.0
SlimFTPd 3.17 allows remote attackers to cause a denial of service (crash) via certain (1) USER and (2) PASS commands, possibly due to a buffer overflow or off-by-one error.
05-09-2008 - 16:52 08-09-2005 - 06:03
CVE-2005-2142 2.1
Directory traversal vulnerability in Golden FTP Server 2.60 allows remote authenticated attackers to list arbitrary directories via a "\.." (backslash dot dot) in an LS (LIST) command.
05-09-2008 - 16:50 05-07-2005 - 00:00
CVE-2005-1815 5.0
Multiple buffer overflows in Hummingbird Connectivity inetD 10.0.0.1 and 9.0.0.4 allow attackers to cause a denial of service and possibly execute arbitrary code via (1) an FTP command with a long argument to FTPD (ftpdw.exe) or (2) a large amount o
05-09-2008 - 16:50 01-06-2005 - 00:00
CVE-2005-1415 10.0
Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote authenticated users to execute arbitrary code via a long FTP command.
05-09-2008 - 16:49 03-05-2005 - 00:00
CVE-2005-0851 5.0
FileZilla FTP server before 0.9.6, when using MODE Z (zlib compression), allows remote attackers to cause a denial of service (infinite loop) via certain file uploads or directory listings.
05-09-2008 - 16:47 02-05-2005 - 00:00
CVE-2005-0850 5.0
FileZilla FTP server before 0.9.6 allows remote attackers to cause a denial of service via a request for a filename containing an MS-DOS device name such as CON, NUL, COM1, LPT1, and others.
05-09-2008 - 16:47 02-05-2005 - 00:00
CVE-2005-0696 7.5
Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote authenticated users to execute arbitrary code via a long DELE command. NOTE: this issue was later reported to also affect 1.4.3.5.
05-09-2008 - 16:47 08-03-2005 - 00:00
CVE-2005-0520 10.0
ArGoSoft FTP Server before 1.4.2.8 allows remote attackers to read arbitrary files via shortcut (.LNK) files in the SITE COPY command, a different vulnerability than CVE-2005-0519.
05-09-2008 - 16:46 23-02-2005 - 00:00
CVE-2005-0483 5.0
Multiple directory traversal vulnerabilities in sitenfo.sh, sitezipchk.sh, and siteziplist.sh in Glftpd 1.26 to 2.00 allow remote authenticated users to (1) determine the existence of arbitrary files, (2) list files in restricted directories, or (3)
05-09-2008 - 16:46 30-03-2005 - 00:00
CVE-2004-2728 3.5
Buffer overflow in the FTP server of Hummingbird Connectivity 7.1 and 9.0 allows remote, authenticated users to cause a denial of service (application crash) via a long argument to the XCWD command.
05-09-2008 - 16:44 31-12-2004 - 00:00
CVE-2004-2672 7.5
Unspecified vulnerability in ArGoSoft FTP server before 1.4.2.2 allows attackers to upload .lnk files via unknown vectors.
05-09-2008 - 16:44 31-12-2004 - 00:00
CVE-2004-2523 6.5
Format string vulnerability in the msg command (cat_message function in msg.c) in OpenFTPD 0.30.2 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in the message argument.
05-09-2008 - 16:44 31-12-2004 - 00:00
CVE-2004-2418 7.2
Buffer overflow in SlimFTPd 3.15 and earlier allows local users to execute arbitrary code via a long command, such as (1) CWD, (2) STOR, (3) MKD, and (4) STAT.
05-09-2008 - 16:44 31-12-2004 - 00:00
CVE-2004-2082 5.0
The samiftp.dll library in Sami FTP Server 1.1.3 allows remote authenticated users to cause a denial of service (pmsystem.exe crash) via a GET request with a large number of leading "/" (slash) characters.
05-09-2008 - 16:43 13-02-2004 - 00:00
CVE-2004-2081 5.0
The samiftp.dll library in Sami FTP Server 1.1.3 allows local users to cause a denial of service (pmsystem.exe crash) by issuing (1) a CD command with a tilde (~) character or dot dot (/../) or (2) a GET command for an unavailable file.
05-09-2008 - 16:43 31-12-2004 - 00:00
CVE-2004-2074 5.0
Format string vulnerability in Dream FTP 1.02 allows local users to cause a denial of service (crash) via format string specifiers in the (1) PASS or (2) RETR commands.
05-09-2008 - 16:43 31-12-2004 - 00:00
CVE-2004-1627 7.5
Buffer overflow in Ability Server 2.25, 2.32, 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long APPE command.
05-09-2008 - 16:41 22-10-2004 - 00:00
CVE-2004-1439 7.5
Buffer overflow in BlackJumboDog 3.x allows remote attackers to execute arbitrary code via long FTP commands such as (1) USER, (2) PASS, (3) RETR, (4) CWD, (5) XMKD, and (6) XRMD.
05-09-2008 - 16:41 31-12-2004 - 00:00
CVE-2004-0185 10.0
Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name.
05-09-2008 - 16:37 15-03-2004 - 00:00
CVE-2003-1327 9.3
Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with
05-09-2008 - 16:36 31-12-2003 - 00:00
CVE-2003-0500 10.0
SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER nam
05-09-2008 - 16:34 07-08-2003 - 00:00
CVE-2002-1974 10.0
The FTP service in Zaurus PDAs SL-5000D and SL-5500 does not require authentication, which allows remote attackers to access the file system as root.
05-09-2008 - 16:31 31-12-2002 - 00:00
CVE-2002-0558 5.0
Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and earlier allows a remote authenticated user (possibly anonymous) to list arbitrary directories via a .. in a LIST (ls) command ending in wildcard *.* characters.
05-09-2008 - 16:28 03-07-2002 - 00:00
CVE-2001-1156 5.0
TYPSoft FTP 0.95 allows remote attackers to cause a denial of service (CPU consumption) via a "../../*" argument to (1) STOR or (2) RETR.
05-09-2008 - 16:25 08-10-2001 - 00:00
CVE-2001-1112 7.5
Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute arbitrary code by uploading a .lnk file containing a large number of characters.
05-09-2008 - 16:25 12-09-2001 - 00:00
CVE-2001-1109 7.5
Directory traversal vulnerability in EFTP 2.0.7.337 allows remote authenticated users to reveal directory contents via a .. (dot dot) in the (1) LIST, (2) QUOTE SIZE, and (3) QUOTE MDTM commands.
05-09-2008 - 16:25 12-09-2001 - 00:00
CVE-2001-1021 7.5
Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLST, (4) MKD, (5) RMD, (6) RNFR, (7) RNTO, (8) SIZE, (9) STAT, (10) XMKD, or (11) XRMD.
05-09-2008 - 16:25 26-07-2001 - 00:00
CVE-2001-0770 7.5
Buffer overflow in GuildFTPd Server 0.97 allows remote attacker to execute arbitrary code via a long SITE command.
05-09-2008 - 16:24 18-10-2001 - 00:00
CVE-2001-0680 5.0
Directory traversal vulnerability in ftpd in QPC QVT/Net 4.0 and AVT/Term 5.0 allows a remote attacker to traverse directories on the web server via a "dot dot" attack in a LIST (ls) command.
05-09-2008 - 16:24 20-09-2001 - 00:00
CVE-2001-0491 5.0
Directory traversal vulnerability in RaidenFTPD Server 2.1 before build 952 allows attackers to access files outside the ftp root via dot dot attacks, such as (1) .... in CWD, (2) .. in NLST, or (3) ... in NLST.
05-09-2008 - 16:24 27-06-2001 - 00:00
CVE-2001-0456 7.5
postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended.
05-09-2008 - 16:24 27-06-2001 - 00:00
CVE-2001-0450 6.4
Directory traversal vulnerability in Transsoft FTP Broker before 5.5 allows attackers to (1) delete arbitrary files via DELETE, or (2) list arbitrary directories via LIST, via a .. (dot dot) in the file name.
05-09-2008 - 16:24 27-06-2001 - 00:00
CVE-2001-0325 7.5
Buffer overflow in QNX RTP 5.60 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large number of arguments to the stat command.
05-09-2008 - 16:23 03-05-2001 - 00:00
CVE-2001-0283 6.4
Directory traversal vulnerability in SunFTP build 9 allows remote attackers to read arbitrary files via .. (dot dot) characters in various commands, including (1) GET, (2) MKDIR, (3) RMDIR, (4) RENAME, or (5) PUT.
05-09-2008 - 16:23 03-05-2001 - 00:00
CVE-2001-0188 5.0
GoodTech FTP server 3.0.1.2.1.0 and earlier allows remote attackers to cause a denial of service via a flood of connections to the server, which causes it to crash.
05-09-2008 - 16:23 26-03-2001 - 00:00
CVE-2001-0065 10.0
Buffer overflow in bftpd 1.0.13 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long SITE CHOWN command.
05-09-2008 - 16:23 12-02-2001 - 00:00
CVE-2001-0053 10.0
One-byte buffer overflow in replydirname function in BSD-based ftpd allows remote attackers to gain root privileges.
05-09-2008 - 16:23 12-02-2001 - 00:00
CVE-2000-1194 7.5
Argosoft FRP server 1.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to the (1) USER or (2) CWD commands.
05-09-2008 - 16:22 31-08-2001 - 00:00
CVE-2000-0943 7.5
Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long USER command.
05-09-2008 - 16:22 19-12-2000 - 00:00
CVE-2000-0871 5.0
Buffer overflow in EFTP allows remote attackers to cause a denial of service by sending a string that does not contain a newline, then disconnecting from the server.
05-09-2008 - 16:22 14-11-2000 - 00:00
CVE-2000-0870 7.5
Buffer overflow in EFTP allows remote attackers to cause a denial of service via a long string.
05-09-2008 - 16:22 14-11-2000 - 00:00
CVE-2000-0856 7.5
Buffer overflow in SunFTP build 9(1) allows remote attackers to cause a denial of service or possibly execute arbitrary commands via a long GET request.
05-09-2008 - 16:22 14-11-2000 - 00:00
CVE-2000-0837 5.0
FTP Serv-U 2.5e allows remote attackers to cause a denial of service by sending a large number of null bytes.
05-09-2008 - 16:21 14-11-2000 - 00:00
CVE-2000-0699 10.0
Format string vulnerability in ftpd in HP-UX 10.20 allows remote attackers to cause a denial of service or execute arbitrary commands via format strings in the PASS command.
05-09-2008 - 16:21 20-10-2000 - 00:00
CVE-2000-0640 7.5
Guild FTPd allows remote attackers to determine the existence of files outside the FTP root via a .. (dot dot) attack, which provides different error messages depending on whether the file exists or not.
05-09-2008 - 16:21 08-07-2000 - 00:00
CVE-2003-1349 5.0
Directory traversal vulnerability in NITE ftp-server (NiteServer) 1.83 allows remote attackers to list arbitrary directories via a "\.." (backslash dot dot) in the CD (CWD) command.
05-09-2008 - 00:00 31-12-2003 - 00:00
CVE-1999-0497 0.0
Anonymous FTP is enabled.
13-07-2007 - 00:00 01-01-1999 - 00:00
CVE-1999-0527 10.0
The permissions for system-critical data in an anonymous FTP account are inappropriate. For example, the root directory is writeable by world, a real password file is obtainable, or executable commands such as "ls" can be overwritten.
20-10-2005 - 00:00 01-01-1999 - 00:00
CVE-1999-0200 10.0
Windows NT FTP server (WFTP) with the guest account enabled without a password allows an attacker to log into the FTP server using any username and password.
20-10-2005 - 00:00 01-01-1999 - 00:00