Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
11 vulnerabilities by FileZilla
CVE-2016-15003 (GCVE-0-2016-15003)
Vulnerability from cvelistv5 – Published: 2022-07-18 08:35 – Updated: 2025-04-15 14:04
VLAI
Title
FileZilla Client Installer uninstall.exe unquoted search path
Summary
A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\Program Files\FileZilla FTP Client\uninstall.exe of the component Installer. The manipulation leads to unquoted search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
6.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-428 - Unquoted Search Path
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/39803/ | x_refsource_MISC |
| https://youtu.be/r06VwwJ9J4M | x_refsource_MISC |
| https://vuldb.com/?id.97204 | x_refsource_MISC |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:47:34.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/39803/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://youtu.be/r06VwwJ9J4M"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.97204"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-15003",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:05:18.669915Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:04:41.448Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Client",
"vendor": "FileZilla",
"versions": [
{
"status": "affected",
"version": "3.17.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Cyril Vallicari"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\\Program Files\\FileZilla FTP Client\\uninstall.exe of the component Installer. The manipulation leads to unquoted search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-18T08:35:11.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/39803/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://youtu.be/r06VwwJ9J4M"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.97204"
}
],
"title": "FileZilla Client Installer uninstall.exe unquoted search path",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2016-15003",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "FileZilla Client Installer uninstall.exe unquoted search path"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Client",
"version": {
"version_data": [
{
"version_value": "3.17.0.0"
}
]
}
}
]
},
"vendor_name": "FileZilla"
}
]
}
},
"credit": "Cyril Vallicari",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\\Program Files\\FileZilla FTP Client\\uninstall.exe of the component Installer. The manipulation leads to unquoted search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-428 Unquoted Search Path"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.exploit-db.com/exploits/39803/",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/39803/"
},
{
"name": "https://youtu.be/r06VwwJ9J4M",
"refsource": "MISC",
"url": "https://youtu.be/r06VwwJ9J4M"
},
{
"name": "https://vuldb.com/?id.97204",
"refsource": "MISC",
"url": "https://vuldb.com/?id.97204"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2016-15003",
"datePublished": "2022-07-18T08:35:11.000Z",
"dateReserved": "2022-07-16T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:04:41.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-10003 (GCVE-0-2015-10003)
Vulnerability from cvelistv5 – Published: 2022-07-17 06:35 – Updated: 2025-04-15 14:04
VLAI
Title
FileZilla Server PORT confused deputy
Summary
A vulnerability, which was classified as problematic, was found in FileZilla Server up to 0.9.50. This affects an unknown part of the component PORT Handler. The manipulation leads to unintended intermediary. It is possible to initiate the attack remotely. Upgrading to version 0.9.51 is able to address this issue. It is recommended to upgrade the affected component.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-441 - Unintended Intermediary
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securitygalore.com/site3/filezilla_ftp… | x_refsource_MISC |
| https://vuldb.com/?id.97203 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| FileZilla | Server |
Affected:
0.9.0
Affected: 0.9.1 Affected: 0.9.2 Affected: 0.9.3 Affected: 0.9.4 Affected: 0.9.5 Affected: 0.9.6 Affected: 0.9.7 Affected: 0.9.8 Affected: 0.9.9 Affected: 0.9.10 Affected: 0.9.11 Affected: 0.9.12 Affected: 0.9.13 Affected: 0.9.14 Affected: 0.9.15 Affected: 0.9.16 Affected: 0.9.17 Affected: 0.9.18 Affected: 0.9.19 Affected: 0.9.20 Affected: 0.9.21 Affected: 0.9.22 Affected: 0.9.23 Affected: 0.9.24 Affected: 0.9.25 Affected: 0.9.26 Affected: 0.9.27 Affected: 0.9.28 Affected: 0.9.29 Affected: 0.9.30 Affected: 0.9.31 Affected: 0.9.32 Affected: 0.9.33 Affected: 0.9.34 Affected: 0.9.35 Affected: 0.9.36 Affected: 0.9.37 Affected: 0.9.38 Affected: 0.9.39 Affected: 0.9.40 Affected: 0.9.41 Affected: 0.9.42 Affected: 0.9.43 Affected: 0.9.44 Affected: 0.9.45 Affected: 0.9.46 Affected: 0.9.47 Affected: 0.9.48 Affected: 0.9.49 Affected: 0.9.50 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:58:24.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securitygalore.com/site3/filezilla_ftp_server_advisory"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.97203"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2015-10003",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:12:25.035988Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:04:51.775Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Server",
"vendor": "FileZilla",
"versions": [
{
"status": "affected",
"version": "0.9.0"
},
{
"status": "affected",
"version": "0.9.1"
},
{
"status": "affected",
"version": "0.9.2"
},
{
"status": "affected",
"version": "0.9.3"
},
{
"status": "affected",
"version": "0.9.4"
},
{
"status": "affected",
"version": "0.9.5"
},
{
"status": "affected",
"version": "0.9.6"
},
{
"status": "affected",
"version": "0.9.7"
},
{
"status": "affected",
"version": "0.9.8"
},
{
"status": "affected",
"version": "0.9.9"
},
{
"status": "affected",
"version": "0.9.10"
},
{
"status": "affected",
"version": "0.9.11"
},
{
"status": "affected",
"version": "0.9.12"
},
{
"status": "affected",
"version": "0.9.13"
},
{
"status": "affected",
"version": "0.9.14"
},
{
"status": "affected",
"version": "0.9.15"
},
{
"status": "affected",
"version": "0.9.16"
},
{
"status": "affected",
"version": "0.9.17"
},
{
"status": "affected",
"version": "0.9.18"
},
{
"status": "affected",
"version": "0.9.19"
},
{
"status": "affected",
"version": "0.9.20"
},
{
"status": "affected",
"version": "0.9.21"
},
{
"status": "affected",
"version": "0.9.22"
},
{
"status": "affected",
"version": "0.9.23"
},
{
"status": "affected",
"version": "0.9.24"
},
{
"status": "affected",
"version": "0.9.25"
},
{
"status": "affected",
"version": "0.9.26"
},
{
"status": "affected",
"version": "0.9.27"
},
{
"status": "affected",
"version": "0.9.28"
},
{
"status": "affected",
"version": "0.9.29"
},
{
"status": "affected",
"version": "0.9.30"
},
{
"status": "affected",
"version": "0.9.31"
},
{
"status": "affected",
"version": "0.9.32"
},
{
"status": "affected",
"version": "0.9.33"
},
{
"status": "affected",
"version": "0.9.34"
},
{
"status": "affected",
"version": "0.9.35"
},
{
"status": "affected",
"version": "0.9.36"
},
{
"status": "affected",
"version": "0.9.37"
},
{
"status": "affected",
"version": "0.9.38"
},
{
"status": "affected",
"version": "0.9.39"
},
{
"status": "affected",
"version": "0.9.40"
},
{
"status": "affected",
"version": "0.9.41"
},
{
"status": "affected",
"version": "0.9.42"
},
{
"status": "affected",
"version": "0.9.43"
},
{
"status": "affected",
"version": "0.9.44"
},
{
"status": "affected",
"version": "0.9.45"
},
{
"status": "affected",
"version": "0.9.46"
},
{
"status": "affected",
"version": "0.9.47"
},
{
"status": "affected",
"version": "0.9.48"
},
{
"status": "affected",
"version": "0.9.49"
},
{
"status": "affected",
"version": "0.9.50"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Amit Klein"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in FileZilla Server up to 0.9.50. This affects an unknown part of the component PORT Handler. The manipulation leads to unintended intermediary. It is possible to initiate the attack remotely. Upgrading to version 0.9.51 is able to address this issue. It is recommended to upgrade the affected component."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "CWE-441 Unintended Intermediary",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-17T06:35:12.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securitygalore.com/site3/filezilla_ftp_server_advisory"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.97203"
}
],
"title": "FileZilla Server PORT confused deputy",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2015-10003",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "FileZilla Server PORT confused deputy"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Server",
"version": {
"version_data": [
{
"version_value": "0.9.0"
},
{
"version_value": "0.9.1"
},
{
"version_value": "0.9.2"
},
{
"version_value": "0.9.3"
},
{
"version_value": "0.9.4"
},
{
"version_value": "0.9.5"
},
{
"version_value": "0.9.6"
},
{
"version_value": "0.9.7"
},
{
"version_value": "0.9.8"
},
{
"version_value": "0.9.9"
},
{
"version_value": "0.9.10"
},
{
"version_value": "0.9.11"
},
{
"version_value": "0.9.12"
},
{
"version_value": "0.9.13"
},
{
"version_value": "0.9.14"
},
{
"version_value": "0.9.15"
},
{
"version_value": "0.9.16"
},
{
"version_value": "0.9.17"
},
{
"version_value": "0.9.18"
},
{
"version_value": "0.9.19"
},
{
"version_value": "0.9.20"
},
{
"version_value": "0.9.21"
},
{
"version_value": "0.9.22"
},
{
"version_value": "0.9.23"
},
{
"version_value": "0.9.24"
},
{
"version_value": "0.9.25"
},
{
"version_value": "0.9.26"
},
{
"version_value": "0.9.27"
},
{
"version_value": "0.9.28"
},
{
"version_value": "0.9.29"
},
{
"version_value": "0.9.30"
},
{
"version_value": "0.9.31"
},
{
"version_value": "0.9.32"
},
{
"version_value": "0.9.33"
},
{
"version_value": "0.9.34"
},
{
"version_value": "0.9.35"
},
{
"version_value": "0.9.36"
},
{
"version_value": "0.9.37"
},
{
"version_value": "0.9.38"
},
{
"version_value": "0.9.39"
},
{
"version_value": "0.9.40"
},
{
"version_value": "0.9.41"
},
{
"version_value": "0.9.42"
},
{
"version_value": "0.9.43"
},
{
"version_value": "0.9.44"
},
{
"version_value": "0.9.45"
},
{
"version_value": "0.9.46"
},
{
"version_value": "0.9.47"
},
{
"version_value": "0.9.48"
},
{
"version_value": "0.9.49"
},
{
"version_value": "0.9.50"
}
]
}
}
]
},
"vendor_name": "FileZilla"
}
]
}
},
"credit": "Amit Klein",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, was found in FileZilla Server up to 0.9.50. This affects an unknown part of the component PORT Handler. The manipulation leads to unintended intermediary. It is possible to initiate the attack remotely. Upgrading to version 0.9.51 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-441 Unintended Intermediary"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securitygalore.com/site3/filezilla_ftp_server_advisory",
"refsource": "MISC",
"url": "http://www.securitygalore.com/site3/filezilla_ftp_server_advisory"
},
{
"name": "https://vuldb.com/?id.97203",
"refsource": "MISC",
"url": "https://vuldb.com/?id.97203"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2015-10003",
"datePublished": "2022-07-17T06:35:12.000Z",
"dateReserved": "2022-07-16T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:04:51.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5429 (GCVE-0-2019-5429)
Vulnerability from cvelistv5 – Published: 2019-04-29 14:13 – Updated: 2024-08-04 19:54
VLAI
Summary
Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory.
Severity
No CVSS data available.
CWE
- CWE-426 - Untrusted Search Path (CWE-426)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.tenable.com/security/research/tra-2019-14 | x_refsource_MISC |
| https://svn.filezilla-project.org/filezilla?view=… | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://security.gentoo.org/glsa/202007-51 | vendor-advisoryx_refsource_GENTOO |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://svn.filezilla-project.org/filezilla?view=revision\u0026revision=9112"
},
{
"name": "FEDORA-2019-d109db9c8a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7WUJWTJA55ILACKLTJFSQUYEBHVYENL/"
},
{
"name": "GLSA-202007-51",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-51"
},
{
"name": "[debian-lts-announce] 20220526 [SECURITY] [DLA 3026-1] filezilla security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00037.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FileZilla",
"vendor": "FileZilla",
"versions": [
{
"status": "affected",
"version": "3.41.0-rc1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious \u0027fzsftp\u0027 binary in the user\u0027s home directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "Untrusted Search Path (CWE-426)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-26T14:06:14.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://svn.filezilla-project.org/filezilla?view=revision\u0026revision=9112"
},
{
"name": "FEDORA-2019-d109db9c8a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7WUJWTJA55ILACKLTJFSQUYEBHVYENL/"
},
{
"name": "GLSA-202007-51",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-51"
},
{
"name": "[debian-lts-announce] 20220526 [SECURITY] [DLA 3026-1] filezilla security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00037.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2019-5429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FileZilla",
"version": {
"version_data": [
{
"version_value": "3.41.0-rc1"
}
]
}
}
]
},
"vendor_name": "FileZilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious \u0027fzsftp\u0027 binary in the user\u0027s home directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted Search Path (CWE-426)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-14",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-14"
},
{
"name": "https://svn.filezilla-project.org/filezilla?view=revision\u0026revision=9112",
"refsource": "MISC",
"url": "https://svn.filezilla-project.org/filezilla?view=revision\u0026revision=9112"
},
{
"name": "FEDORA-2019-d109db9c8a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7WUJWTJA55ILACKLTJFSQUYEBHVYENL/"
},
{
"name": "GLSA-202007-51",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-51"
},
{
"name": "[debian-lts-announce] 20220526 [SECURITY] [DLA 3026-1] filezilla security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00037.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2019-5429",
"datePublished": "2019-04-29T14:13:02.000Z",
"dateReserved": "2019-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:54:53.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2318 (GCVE-0-2007-2318)
Vulnerability from cvelistv5 – Published: 2007-04-26 21:00 – Updated: 2024-08-07 13:33
VLAI
Summary
Multiple format string vulnerabilities in FileZilla before 2.2.32 allow remote attackers to execute arbitrary code via format string specifiers in (1) FTP server responses or (2) data sent by an FTP server. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://osvdb.org/34437 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/23506 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/24894 | third-party-advisoryx_refsource_SECUNIA |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://osvdb.org/34436 | vdb-entryx_refsource_OSVDB |
Date Public
2007-04-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:33:28.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34437",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34437"
},
{
"name": "23506",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23506"
},
{
"name": "24894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24894"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=501534\u0026group_id=21558"
},
{
"name": "34436",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34436"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple format string vulnerabilities in FileZilla before 2.2.32 allow remote attackers to execute arbitrary code via format string specifiers in (1) FTP server responses or (2) data sent by an FTP server. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-13T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34437",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34437"
},
{
"name": "23506",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23506"
},
{
"name": "24894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24894"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=501534\u0026group_id=21558"
},
{
"name": "34436",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34436"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple format string vulnerabilities in FileZilla before 2.2.32 allow remote attackers to execute arbitrary code via format string specifiers in (1) FTP server responses or (2) data sent by an FTP server. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34437",
"refsource": "OSVDB",
"url": "http://osvdb.org/34437"
},
{
"name": "23506",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23506"
},
{
"name": "24894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24894"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=501534\u0026group_id=21558",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=501534\u0026group_id=21558"
},
{
"name": "34436",
"refsource": "OSVDB",
"url": "http://osvdb.org/34436"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2318",
"datePublished": "2007-04-26T21:00:00.000Z",
"dateReserved": "2007-04-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:33:28.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0315 (GCVE-0-2007-0315)
Vulnerability from cvelistv5 – Published: 2007-01-18 00:00 – Updated: 2024-08-07 12:12
VLAI
Summary
Multiple buffer overflows in FileZilla before 2.2.30a allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors related to (1) Options.cpp when storing settings in the registry, and (2) the transfer queue (QueueCtrl.cpp). NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/22057 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2007/0183 | vdb-entryx_refsource_VUPEN |
Date Public
2007-01-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:12:17.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22057",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22057"
},
{
"name": "filezilla-options-queuectrl-bo(31500)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31500"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=475423\u0026group_id=21558"
},
{
"name": "ADV-2007-0183",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0183"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in FileZilla before 2.2.30a allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors related to (1) Options.cpp when storing settings in the registry, and (2) the transfer queue (QueueCtrl.cpp). NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22057",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22057"
},
{
"name": "filezilla-options-queuectrl-bo(31500)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31500"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=475423\u0026group_id=21558"
},
{
"name": "ADV-2007-0183",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0183"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in FileZilla before 2.2.30a allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors related to (1) Options.cpp when storing settings in the registry, and (2) the transfer queue (QueueCtrl.cpp). NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22057",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22057"
},
{
"name": "filezilla-options-queuectrl-bo(31500)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31500"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=475423\u0026group_id=21558",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=475423\u0026group_id=21558"
},
{
"name": "ADV-2007-0183",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0183"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0315",
"datePublished": "2007-01-18T00:00:00.000Z",
"dateReserved": "2007-01-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:12:17.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0317 (GCVE-0-2007-0317)
Vulnerability from cvelistv5 – Published: 2007-01-18 00:00 – Updated: 2024-08-07 12:12
VLAI
Summary
Format string vulnerability in the LogMessage function in FileZilla before 3.0.0-beta5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted arguments. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/22063 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2007/0182 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2007-01-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:12:18.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=477793\u0026group_id=21558"
},
{
"name": "22063",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22063"
},
{
"name": "ADV-2007-0182",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0182"
},
{
"name": "filezilla-logmessage-format-string(31497)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31497"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the LogMessage function in FileZilla before 3.0.0-beta5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted arguments. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=477793\u0026group_id=21558"
},
{
"name": "22063",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22063"
},
{
"name": "ADV-2007-0182",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0182"
},
{
"name": "filezilla-logmessage-format-string(31497)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31497"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the LogMessage function in FileZilla before 3.0.0-beta5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted arguments. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=477793\u0026group_id=21558",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=477793\u0026group_id=21558"
},
{
"name": "22063",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22063"
},
{
"name": "ADV-2007-0182",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0182"
},
{
"name": "filezilla-logmessage-format-string(31497)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31497"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0317",
"datePublished": "2007-01-18T00:00:00.000Z",
"dateReserved": "2007-01-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:12:18.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6564 (GCVE-0-2006-6564)
Vulnerability from cvelistv5 – Published: 2006-12-15 11:00 – Updated: 2024-08-07 20:33
VLAI
Summary
FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a malformed argument to the STOR command, which results in a NULL pointer dereference. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://retrogod.altervista.org/filezilla_0921_dos.html | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2006/4937 | vdb-entryx_refsource_VUPEN |
Date Public
2006-12-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:33:59.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "filezilla-commands-dos(30853)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30853"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=470364\u0026group_id=21558"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/filezilla_0921_dos.html"
},
{
"name": "ADV-2006-4937",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4937"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a malformed argument to the STOR command, which results in a NULL pointer dereference. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "filezilla-commands-dos(30853)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30853"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=470364\u0026group_id=21558"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/filezilla_0921_dos.html"
},
{
"name": "ADV-2006-4937",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4937"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a malformed argument to the STOR command, which results in a NULL pointer dereference. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "filezilla-commands-dos(30853)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30853"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=470364\u0026group_id=21558",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=470364\u0026group_id=21558"
},
{
"name": "http://retrogod.altervista.org/filezilla_0921_dos.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/filezilla_0921_dos.html"
},
{
"name": "ADV-2006-4937",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4937"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6564",
"datePublished": "2006-12-15T11:00:00.000Z",
"dateReserved": "2006-12-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:33:59.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2403 (GCVE-0-2006-2403)
Vulnerability from cvelistv5 – Published: 2006-05-16 01:00 – Updated: 2024-08-07 17:51
VLAI
Summary
Buffer overflow in FileZilla before 2.2.23 allows remote attackers to execute arbitrary commands via unknown attack vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/29970 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2006/1795 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/20086 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/17972 | vdb-entryx_refsource_BID |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
Date Public
2006-05-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:04.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29970",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29970"
},
{
"name": "ADV-2006-1795",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1795"
},
{
"name": "filezilla-ftp-bo(26450)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26450"
},
{
"name": "20086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20086"
},
{
"name": "17972",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17972"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=416790"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in FileZilla before 2.2.23 allows remote attackers to execute arbitrary commands via unknown attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29970",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29970"
},
{
"name": "ADV-2006-1795",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1795"
},
{
"name": "filezilla-ftp-bo(26450)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26450"
},
{
"name": "20086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20086"
},
{
"name": "17972",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17972"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=416790"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2403",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in FileZilla before 2.2.23 allows remote attackers to execute arbitrary commands via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29970",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29970"
},
{
"name": "ADV-2006-1795",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1795"
},
{
"name": "filezilla-ftp-bo(26450)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26450"
},
{
"name": "20086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20086"
},
{
"name": "17972",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17972"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=416790",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=416790"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2403",
"datePublished": "2006-05-16T01:00:00.000Z",
"dateReserved": "2006-05-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:51:04.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2173 (GCVE-0-2006-2173)
Vulnerability from cvelistv5 – Published: 2006-05-04 10:00 – Updated: 2024-08-07 17:43
VLAI
Summary
Buffer overflow in FileZilla FTP Server 2.2.22 allows remote authenticated attackers to cause a denial of service and possibly execute arbitrary code via a long (1) PORT or (2) PASS followed by the MLSD command, or (2) the remote server interface, as demonstrated by the Infigo FTPStress Fuzzer.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/17802 | vdb-entryx_refsource_BID |
| http://www.infigo.hr/en/in_focus/tools | x_refsource_MISC |
| http://marc.info/?l=bugtraq&m=114658586018818&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.osvdb.org/25221 | vdb-entryx_refsource_OSVDB |
| http://www.infigo.hr/hr/in_focus/advisories/INFIG… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
Date Public
2006-05-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:43:27.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17802",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17802"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.infigo.hr/en/in_focus/tools"
},
{
"name": "20060502 FTP Fuzzer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=114658586018818\u0026w=2"
},
{
"name": "25221",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25221"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.infigo.hr/hr/in_focus/advisories/INFIGO-2006-05-03"
},
{
"name": "filezilla-port-pass-dos(26303)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26303"
},
{
"name": "20060508 INFIGO-2006-05-03: Multiple FTP Servers vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0139.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in FileZilla FTP Server 2.2.22 allows remote authenticated attackers to cause a denial of service and possibly execute arbitrary code via a long (1) PORT or (2) PASS followed by the MLSD command, or (2) the remote server interface, as demonstrated by the Infigo FTPStress Fuzzer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17802",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17802"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.infigo.hr/en/in_focus/tools"
},
{
"name": "20060502 FTP Fuzzer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=114658586018818\u0026w=2"
},
{
"name": "25221",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25221"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.infigo.hr/hr/in_focus/advisories/INFIGO-2006-05-03"
},
{
"name": "filezilla-port-pass-dos(26303)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26303"
},
{
"name": "20060508 INFIGO-2006-05-03: Multiple FTP Servers vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0139.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in FileZilla FTP Server 2.2.22 allows remote authenticated attackers to cause a denial of service and possibly execute arbitrary code via a long (1) PORT or (2) PASS followed by the MLSD command, or (2) the remote server interface, as demonstrated by the Infigo FTPStress Fuzzer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17802",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17802"
},
{
"name": "http://www.infigo.hr/en/in_focus/tools",
"refsource": "MISC",
"url": "http://www.infigo.hr/en/in_focus/tools"
},
{
"name": "20060502 FTP Fuzzer",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=114658586018818\u0026w=2"
},
{
"name": "25221",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25221"
},
{
"name": "http://www.infigo.hr/hr/in_focus/advisories/INFIGO-2006-05-03",
"refsource": "MISC",
"url": "http://www.infigo.hr/hr/in_focus/advisories/INFIGO-2006-05-03"
},
{
"name": "filezilla-port-pass-dos(26303)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26303"
},
{
"name": "20060508 INFIGO-2006-05-03: Multiple FTP Servers vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0139.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2173",
"datePublished": "2006-05-04T10:00:00.000Z",
"dateReserved": "2006-05-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:43:27.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3589 (GCVE-0-2005-3589)
Vulnerability from cvelistv5 – Published: 2005-11-16 07:37 – Updated: 2024-08-07 23:17
VLAI
Summary
Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote attackers to cause a denial of service (terminal crash) via a long USER ftp command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/20817 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/15346 | vdb-entryx_refsource_BID |
| http://ingehenriksen.blogspot.com/2005/11/work-in… | x_refsource_MISC |
| http://marc.info/?l=bugtraq&m=113140190521377&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://ingehenriksen.blogspot.com/2005/11/filezil… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/417307/30/… | mailing-listx_refsource_BUGTRAQ |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_MISC |
Date Public
2005-11-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20817",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20817"
},
{
"name": "15346",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15346"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ingehenriksen.blogspot.com/2005/11/work-in-progress-filezilla-server.html"
},
{
"name": "20051107 Work in Progress: FileZilla Server Terminal V0.9.4d Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113140190521377\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ingehenriksen.blogspot.com/2005/11/filezilla-server-terminal-094d-dos-poc_21.html"
},
{
"name": "20051121 Re: Work in Progress: FileZilla Server Terminal V0.9.4d Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/417307/30/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=298735"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote attackers to cause a denial of service (terminal crash) via a long USER ftp command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20817",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20817"
},
{
"name": "15346",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15346"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ingehenriksen.blogspot.com/2005/11/work-in-progress-filezilla-server.html"
},
{
"name": "20051107 Work in Progress: FileZilla Server Terminal V0.9.4d Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113140190521377\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ingehenriksen.blogspot.com/2005/11/filezilla-server-terminal-094d-dos-poc_21.html"
},
{
"name": "20051121 Re: Work in Progress: FileZilla Server Terminal V0.9.4d Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/417307/30/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=298735"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote attackers to cause a denial of service (terminal crash) via a long USER ftp command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20817",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20817"
},
{
"name": "15346",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15346"
},
{
"name": "http://ingehenriksen.blogspot.com/2005/11/work-in-progress-filezilla-server.html",
"refsource": "MISC",
"url": "http://ingehenriksen.blogspot.com/2005/11/work-in-progress-filezilla-server.html"
},
{
"name": "20051107 Work in Progress: FileZilla Server Terminal V0.9.4d Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=113140190521377\u0026w=2"
},
{
"name": "http://ingehenriksen.blogspot.com/2005/11/filezilla-server-terminal-094d-dos-poc_21.html",
"refsource": "MISC",
"url": "http://ingehenriksen.blogspot.com/2005/11/filezilla-server-terminal-094d-dos-poc_21.html"
},
{
"name": "20051121 Re: Work in Progress: FileZilla Server Terminal V0.9.4d Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/417307/30/0/threaded"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=298735",
"refsource": "MISC",
"url": "http://sourceforge.net/project/shownotes.php?release_id=298735"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3589",
"datePublished": "2005-11-16T07:37:00.000Z",
"dateReserved": "2005-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:17:23.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2898 (GCVE-0-2005-2898)
Vulnerability from cvelistv5 – Published: 2005-09-14 04:00 – Updated: 2024-08-07 22:53 Disputed
VLAI
Summary
NOTE: this issue has been disputed by the vendor. FileZilla 2.2.14b and 2.2.15, and possibly earlier versions, when "Use secure mode" is disabled, uses a weak encryption scheme to store the user's password in the configuration settings file, which allows local users to obtain sensitive information. NOTE: the vendor has disputed the issue, stating that "the problem is not a vulnerability at all, but in fact a fundamental issue of every single program that can store passwords transparently.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://filezilla.sourceforge.net/forum/viewtopic.… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/14730 | vdb-entryx_refsource_BID |
| http://marc.info/?l=bugtraq&m=112577523810442&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://marc.info/?l=bugtraq&m=112605448327521&w=2 | mailing-listx_refsource_BUGTRAQ |
Date Public
2005-09-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:30.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://filezilla.sourceforge.net/forum/viewtopic.php?t=1328"
},
{
"name": "filezilla-password-weak-encryption(22135)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22135"
},
{
"name": "14730",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14730"
},
{
"name": "20050902 FileZilla weakly-encrypted password vulnerability: advisory + PoC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112577523810442\u0026w=2"
},
{
"name": "20050904 Re: FileZilla weakly-encrypted password vulnerability: advisory + PoC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112605448327521\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NOTE: this issue has been disputed by the vendor. FileZilla 2.2.14b and 2.2.15, and possibly earlier versions, when \"Use secure mode\" is disabled, uses a weak encryption scheme to store the user\u0027s password in the configuration settings file, which allows local users to obtain sensitive information. NOTE: the vendor has disputed the issue, stating that \"the problem is not a vulnerability at all, but in fact a fundamental issue of every single program that can store passwords transparently."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://filezilla.sourceforge.net/forum/viewtopic.php?t=1328"
},
{
"name": "filezilla-password-weak-encryption(22135)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22135"
},
{
"name": "14730",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14730"
},
{
"name": "20050902 FileZilla weakly-encrypted password vulnerability: advisory + PoC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112577523810442\u0026w=2"
},
{
"name": "20050904 Re: FileZilla weakly-encrypted password vulnerability: advisory + PoC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112605448327521\u0026w=2"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** NOTE: this issue has been disputed by the vendor. FileZilla 2.2.14b and 2.2.15, and possibly earlier versions, when \"Use secure mode\" is disabled, uses a weak encryption scheme to store the user\u0027s password in the configuration settings file, which allows local users to obtain sensitive information. NOTE: the vendor has disputed the issue, stating that \"the problem is not a vulnerability at all, but in fact a fundamental issue of every single program that can store passwords transparently.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://filezilla.sourceforge.net/forum/viewtopic.php?t=1328",
"refsource": "MISC",
"url": "http://filezilla.sourceforge.net/forum/viewtopic.php?t=1328"
},
{
"name": "filezilla-password-weak-encryption(22135)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22135"
},
{
"name": "14730",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14730"
},
{
"name": "20050902 FileZilla weakly-encrypted password vulnerability: advisory + PoC",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112577523810442\u0026w=2"
},
{
"name": "20050904 Re: FileZilla weakly-encrypted password vulnerability: advisory + PoC",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112605448327521\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2898",
"datePublished": "2005-09-14T04:00:00.000Z",
"dateReserved": "2005-09-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:53:30.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}