Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
15 vulnerabilities by freeftpd
CVE-2013-10042 (GCVE-0-2013-10042)
Vulnerability from cvelistv5 – Published: 2025-07-31 14:55 – Updated: 2026-05-15 11:14
VLAI
Title
freeFTPd <= 1.0.10 PASS Command Stack-Based Buffer Overflow
Summary
A stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP PASS command. When an attacker sends a specially crafted password string, the application fails to validate input length, resulting in memory corruption. This can lead to denial of service or arbitrary code execution. Exploitation requires the anonymous user account to be enabled.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://raw.githubusercontent.com/rapid7/metasplo… | exploit |
| https://www.exploit-db.com/exploits/27747 | exploit |
| https://www.vulncheck.com/advisories/freeftpd-pas… | third-party-advisory |
Impacted products
Date Public
2013-08-21 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2013-10042",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-31T15:16:10.753095Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T15:16:18.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"FreeFTPDService.exe (FTP handler for PASS command)"
],
"platforms": [
"Windows"
],
"product": "freeFTPd",
"vendor": "freeFTPd",
"versions": [
{
"lessThanOrEqual": "1.0.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freeftpd:freeftpd:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.0.10",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wireghoul"
}
],
"datePublic": "2013-08-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP \u003ccode\u003ePASS\u003c/code\u003e command. When an attacker sends a specially crafted password string, the application fails to validate input length, resulting in memory corruption. This can lead to denial of service or arbitrary code execution. Exploitation requires the anonymous user account to be enabled.\u003c/p\u003e"
}
],
"value": "A stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP PASS command. When an attacker sends a specially crafted password string, the application fails to validate input length, resulting in memory corruption. This can lead to denial of service or arbitrary code execution. Exploitation requires the anonymous user account to be enabled."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T11:14:10.534Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/freeftpd_pass.rb"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/27747"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/freeftpd-pass-command-stack-based-buffer-overflow"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "freeFTPd \u003c= 1.0.10 PASS Command Stack-Based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2013-10042",
"datePublished": "2025-07-31T14:55:25.594Z",
"dateReserved": "2025-07-30T18:00:43.227Z",
"dateUpdated": "2026-05-15T11:14:10.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-19383 (GCVE-0-2019-19383)
Vulnerability from cvelistv5 – Published: 2019-12-03 19:06 – Updated: 2024-08-05 02:16
VLAI
Summary
freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted SIZE command (this is exploitable even if logging is disabled).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/m0rph-1/CVE-2019-19383 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:47.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/m0rph-1/CVE-2019-19383"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted SIZE command (this is exploitable even if logging is disabled)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-03T19:06:07.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/m0rph-1/CVE-2019-19383"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19383",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted SIZE command (this is exploitable even if logging is disabled)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/m0rph-1/CVE-2019-19383",
"refsource": "MISC",
"url": "https://github.com/m0rph-1/CVE-2019-19383"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19383",
"datePublished": "2019-12-03T19:06:07.000Z",
"dateReserved": "2019-11-28T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:16:47.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6067 (GCVE-0-2012-6067)
Vulnerability from cvelistv5 – Published: 2012-12-04 23:00 – Updated: 2024-09-16 23:16
VLAI
Summary
freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to bypass authentication via a crafted SFTP session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20121201 FreeFTPD Remote Authentication Bypass Zeroday Exploit (Stuxnet technique)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to bypass authentication via a crafted SFTP session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-04T23:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20121201 FreeFTPD Remote Authentication Bypass Zeroday Exploit (Stuxnet technique)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0011.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to bypass authentication via a crafted SFTP session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20121201 FreeFTPD Remote Authentication Bypass Zeroday Exploit (Stuxnet technique)",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0011.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6067",
"datePublished": "2012-12-04T23:00:00.000Z",
"dateReserved": "2012-12-04T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:16:04.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2407 (GCVE-0-2006-2407)
Vulnerability from cvelistv5 – Published: 2006-05-16 10:00 – Updated: 2024-08-07 17:51
VLAI
Summary
Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
18 references
Date Public
2006-05-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:04.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19846",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19846"
},
{
"name": "25569",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25569"
},
{
"name": "20060514 POC exploit for freeSSHd version 1.0.9",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/434007/100/0/threaded"
},
{
"name": "20060517 POC exploit for freeFTPd 1.0.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/434402/100/0/threaded"
},
{
"name": "ADV-2006-1786",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1786"
},
{
"name": "901",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/901"
},
{
"name": "freesshd-key-exchange-bo(26442)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26442"
},
{
"name": "20060517 BUGTRAQ:20060517 Re:POC exploit for freeFTPd 1.0.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/434415/100/0/threaded"
},
{
"name": "19845",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19845"
},
{
"name": "VU#477960",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/477960"
},
{
"name": "20060517 Re:POC exploit for freeFTPd 1.0.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/434415/30/4920/threaded"
},
{
"name": "25463",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25463"
},
{
"name": "20060514 POC exploit for freeSSHd version 1.0.9",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=114764338702488\u0026w=2"
},
{
"name": "20136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20136"
},
{
"name": "ADV-2006-1842",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1842"
},
{
"name": "ADV-2006-1785",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1785"
},
{
"name": "17958",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17958"
},
{
"name": "20060515 Re: [Full-disclosure] POC exploit for freeSSHd version 1.0.9",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/434038/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19846",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19846"
},
{
"name": "25569",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25569"
},
{
"name": "20060514 POC exploit for freeSSHd version 1.0.9",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/434007/100/0/threaded"
},
{
"name": "20060517 POC exploit for freeFTPd 1.0.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/434402/100/0/threaded"
},
{
"name": "ADV-2006-1786",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1786"
},
{
"name": "901",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/901"
},
{
"name": "freesshd-key-exchange-bo(26442)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26442"
},
{
"name": "20060517 BUGTRAQ:20060517 Re:POC exploit for freeFTPd 1.0.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/434415/100/0/threaded"
},
{
"name": "19845",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19845"
},
{
"name": "VU#477960",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/477960"
},
{
"name": "20060517 Re:POC exploit for freeFTPd 1.0.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/434415/30/4920/threaded"
},
{
"name": "25463",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25463"
},
{
"name": "20060514 POC exploit for freeSSHd version 1.0.9",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=114764338702488\u0026w=2"
},
{
"name": "20136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20136"
},
{
"name": "ADV-2006-1842",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1842"
},
{
"name": "ADV-2006-1785",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1785"
},
{
"name": "17958",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17958"
},
{
"name": "20060515 Re: [Full-disclosure] POC exploit for freeSSHd version 1.0.9",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/434038/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19846",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19846"
},
{
"name": "25569",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25569"
},
{
"name": "20060514 POC exploit for freeSSHd version 1.0.9",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434007/100/0/threaded"
},
{
"name": "20060517 POC exploit for freeFTPd 1.0.10",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434402/100/0/threaded"
},
{
"name": "ADV-2006-1786",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1786"
},
{
"name": "901",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/901"
},
{
"name": "freesshd-key-exchange-bo(26442)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26442"
},
{
"name": "20060517 BUGTRAQ:20060517 Re:POC exploit for freeFTPd 1.0.10",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434415/100/0/threaded"
},
{
"name": "19845",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19845"
},
{
"name": "VU#477960",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/477960"
},
{
"name": "20060517 Re:POC exploit for freeFTPd 1.0.10",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434415/30/4920/threaded"
},
{
"name": "25463",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25463"
},
{
"name": "20060514 POC exploit for freeSSHd version 1.0.9",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=114764338702488\u0026w=2"
},
{
"name": "20136",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20136"
},
{
"name": "ADV-2006-1842",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1842"
},
{
"name": "ADV-2006-1785",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1785"
},
{
"name": "17958",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17958"
},
{
"name": "20060515 Re: [Full-disclosure] POC exploit for freeSSHd version 1.0.9",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434038/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2407",
"datePublished": "2006-05-16T10:00:00.000Z",
"dateReserved": "2006-05-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:51:04.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3812 (GCVE-0-2005-3812)
Vulnerability from cvelistv5 – Published: 2005-11-26 02:00 – Updated: 2024-08-07 23:24
VLAI
Summary
freeFTPd 1.0.10 allows remote authenticated users to cause a denial of service (null dereference and crash) via a PORT command with missing arguments.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2005/2580 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/417602/30/… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/15557 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/17737 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2005-11-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:36.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2005-2580",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2580"
},
{
"name": "20051124 freeFTPd 1.0.10 (Dos,Exploit)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/417602/30/0/threaded"
},
{
"name": "15557",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15557"
},
{
"name": "17737",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17737"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "freeFTPd 1.0.10 allows remote authenticated users to cause a denial of service (null dereference and crash) via a PORT command with missing arguments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2005-2580",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2580"
},
{
"name": "20051124 freeFTPd 1.0.10 (Dos,Exploit)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/417602/30/0/threaded"
},
{
"name": "15557",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15557"
},
{
"name": "17737",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17737"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "freeFTPd 1.0.10 allows remote authenticated users to cause a denial of service (null dereference and crash) via a PORT command with missing arguments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-2580",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2580"
},
{
"name": "20051124 freeFTPd 1.0.10 (Dos,Exploit)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/417602/30/0/threaded"
},
{
"name": "15557",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15557"
},
{
"name": "17737",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17737"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3812",
"datePublished": "2005-11-26T02:00:00.000Z",
"dateReserved": "2005-11-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:24:36.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3683 (GCVE-0-2005-3683)
Vulnerability from cvelistv5 – Published: 2005-11-19 01:00 – Updated: 2024-08-07 23:17
VLAI
Summary
Stack-based buffer overflow in freeFTPd before 1.0.9 with Logging enabled, allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a long USER command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1015230 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/17583 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2005/2458 | vdb-entryx_refsource_VUPEN |
| http://www.osvdb.org/20909 | vdb-entryx_refsource_OSVDB |
| http://marc.info/?l=full-disclosure&m=11321376382… | mailing-listx_refsource_FULLDISC |
| http://marc.info/?l=full-disclosure&m=11321661192… | mailing-listx_refsource_FULLDISC |
| http://freeftpd.com/?ctt=changelog | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/15457 | vdb-entryx_refsource_BID |
Date Public
2005-11-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.427Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1015230",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015230"
},
{
"name": "17583",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17583"
},
{
"name": "freeftpd-multiple-command-bo(23118)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23118"
},
{
"name": "ADV-2005-2458",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2458"
},
{
"name": "20909",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20909"
},
{
"name": "20051116 freeftpd USER bufferoverflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=113213763821294\u0026w=2"
},
{
"name": "20051116 re: freeftpd USER bufferoverflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=113216611924774\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freeftpd.com/?ctt=changelog"
},
{
"name": "15457",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15457"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in freeFTPd before 1.0.9 with Logging enabled, allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a long USER command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1015230",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015230"
},
{
"name": "17583",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17583"
},
{
"name": "freeftpd-multiple-command-bo(23118)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23118"
},
{
"name": "ADV-2005-2458",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2458"
},
{
"name": "20909",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20909"
},
{
"name": "20051116 freeftpd USER bufferoverflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=113213763821294\u0026w=2"
},
{
"name": "20051116 re: freeftpd USER bufferoverflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=113216611924774\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freeftpd.com/?ctt=changelog"
},
{
"name": "15457",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15457"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in freeFTPd before 1.0.9 with Logging enabled, allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a long USER command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015230",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015230"
},
{
"name": "17583",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17583"
},
{
"name": "freeftpd-multiple-command-bo(23118)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23118"
},
{
"name": "ADV-2005-2458",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2458"
},
{
"name": "20909",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20909"
},
{
"name": "20051116 freeftpd USER bufferoverflow",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=113213763821294\u0026w=2"
},
{
"name": "20051116 re: freeftpd USER bufferoverflow",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=113216611924774\u0026w=2"
},
{
"name": "http://freeftpd.com/?ctt=changelog",
"refsource": "CONFIRM",
"url": "http://freeftpd.com/?ctt=changelog"
},
{
"name": "15457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15457"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3683",
"datePublished": "2005-11-19T01:00:00.000Z",
"dateReserved": "2005-11-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:17:23.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3684 (GCVE-0-2005-3684)
Vulnerability from cvelistv5 – Published: 2005-11-19 01:00 – Updated: 2024-08-07 23:17
VLAI
Summary
Multiple buffer overflows in freeFTPd 1.0.8, without logging enabled, allow remote authenticated attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via long (1) MKD and (2) DELE commands.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/15486 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2005/2471 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/20909 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/17624 | third-party-advisoryx_refsource_SECUNIA |
| http://marc.info/?l=full-disclosure&m=11322235800… | mailing-listx_refsource_FULLDISC |
Date Public
2005-11-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15486",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15486"
},
{
"name": "ADV-2005-2471",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2471"
},
{
"name": "freeftpd-multiple-command-bo(23118)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23118"
},
{
"name": "20909",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20909"
},
{
"name": "17624",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17624"
},
{
"name": "20051117 freeftpd MKD buffer overflow etc...",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=113222358007499\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in freeFTPd 1.0.8, without logging enabled, allow remote authenticated attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via long (1) MKD and (2) DELE commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15486",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15486"
},
{
"name": "ADV-2005-2471",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2471"
},
{
"name": "freeftpd-multiple-command-bo(23118)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23118"
},
{
"name": "20909",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20909"
},
{
"name": "17624",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17624"
},
{
"name": "20051117 freeftpd MKD buffer overflow etc...",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=113222358007499\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in freeFTPd 1.0.8, without logging enabled, allow remote authenticated attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via long (1) MKD and (2) DELE commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15486",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15486"
},
{
"name": "ADV-2005-2471",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2471"
},
{
"name": "freeftpd-multiple-command-bo(23118)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23118"
},
{
"name": "20909",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20909"
},
{
"name": "17624",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17624"
},
{
"name": "20051117 freeftpd MKD buffer overflow etc...",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=113222358007499\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3684",
"datePublished": "2005-11-19T01:00:00.000Z",
"dateReserved": "2005-11-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:17:23.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-10042 (GCVE-0-2013-10042)
Vulnerability from nvd – Published: 2025-07-31 14:55 – Updated: 2026-05-15 11:14
VLAI
Title
freeFTPd <= 1.0.10 PASS Command Stack-Based Buffer Overflow
Summary
A stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP PASS command. When an attacker sends a specially crafted password string, the application fails to validate input length, resulting in memory corruption. This can lead to denial of service or arbitrary code execution. Exploitation requires the anonymous user account to be enabled.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://raw.githubusercontent.com/rapid7/metasplo… | exploit |
| https://www.exploit-db.com/exploits/27747 | exploit |
| https://www.vulncheck.com/advisories/freeftpd-pas… | third-party-advisory |
Impacted products
Date Public
2013-08-21 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2013-10042",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-31T15:16:10.753095Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T15:16:18.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"FreeFTPDService.exe (FTP handler for PASS command)"
],
"platforms": [
"Windows"
],
"product": "freeFTPd",
"vendor": "freeFTPd",
"versions": [
{
"lessThanOrEqual": "1.0.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freeftpd:freeftpd:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.0.10",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wireghoul"
}
],
"datePublic": "2013-08-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP \u003ccode\u003ePASS\u003c/code\u003e command. When an attacker sends a specially crafted password string, the application fails to validate input length, resulting in memory corruption. This can lead to denial of service or arbitrary code execution. Exploitation requires the anonymous user account to be enabled.\u003c/p\u003e"
}
],
"value": "A stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP PASS command. When an attacker sends a specially crafted password string, the application fails to validate input length, resulting in memory corruption. This can lead to denial of service or arbitrary code execution. Exploitation requires the anonymous user account to be enabled."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T11:14:10.534Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/freeftpd_pass.rb"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/27747"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/freeftpd-pass-command-stack-based-buffer-overflow"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "freeFTPd \u003c= 1.0.10 PASS Command Stack-Based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2013-10042",
"datePublished": "2025-07-31T14:55:25.594Z",
"dateReserved": "2025-07-30T18:00:43.227Z",
"dateUpdated": "2026-05-15T11:14:10.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-19383 (GCVE-0-2019-19383)
Vulnerability from nvd – Published: 2019-12-03 19:06 – Updated: 2024-08-05 02:16
VLAI
Summary
freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted SIZE command (this is exploitable even if logging is disabled).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/m0rph-1/CVE-2019-19383 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:47.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/m0rph-1/CVE-2019-19383"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted SIZE command (this is exploitable even if logging is disabled)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-03T19:06:07.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/m0rph-1/CVE-2019-19383"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19383",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted SIZE command (this is exploitable even if logging is disabled)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/m0rph-1/CVE-2019-19383",
"refsource": "MISC",
"url": "https://github.com/m0rph-1/CVE-2019-19383"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19383",
"datePublished": "2019-12-03T19:06:07.000Z",
"dateReserved": "2019-11-28T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:16:47.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6067 (GCVE-0-2012-6067)
Vulnerability from nvd – Published: 2012-12-04 23:00 – Updated: 2024-09-16 23:16
VLAI
Summary
freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to bypass authentication via a crafted SFTP session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20121201 FreeFTPD Remote Authentication Bypass Zeroday Exploit (Stuxnet technique)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to bypass authentication via a crafted SFTP session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-04T23:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20121201 FreeFTPD Remote Authentication Bypass Zeroday Exploit (Stuxnet technique)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0011.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to bypass authentication via a crafted SFTP session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20121201 FreeFTPD Remote Authentication Bypass Zeroday Exploit (Stuxnet technique)",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0011.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6067",
"datePublished": "2012-12-04T23:00:00.000Z",
"dateReserved": "2012-12-04T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:16:04.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2407 (GCVE-0-2006-2407)
Vulnerability from nvd – Published: 2006-05-16 10:00 – Updated: 2024-08-07 17:51
VLAI
Summary
Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
18 references
Date Public
2006-05-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:04.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19846",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19846"
},
{
"name": "25569",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25569"
},
{
"name": "20060514 POC exploit for freeSSHd version 1.0.9",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/434007/100/0/threaded"
},
{
"name": "20060517 POC exploit for freeFTPd 1.0.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/434402/100/0/threaded"
},
{
"name": "ADV-2006-1786",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1786"
},
{
"name": "901",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/901"
},
{
"name": "freesshd-key-exchange-bo(26442)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26442"
},
{
"name": "20060517 BUGTRAQ:20060517 Re:POC exploit for freeFTPd 1.0.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/434415/100/0/threaded"
},
{
"name": "19845",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19845"
},
{
"name": "VU#477960",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/477960"
},
{
"name": "20060517 Re:POC exploit for freeFTPd 1.0.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/434415/30/4920/threaded"
},
{
"name": "25463",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25463"
},
{
"name": "20060514 POC exploit for freeSSHd version 1.0.9",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=114764338702488\u0026w=2"
},
{
"name": "20136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20136"
},
{
"name": "ADV-2006-1842",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1842"
},
{
"name": "ADV-2006-1785",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1785"
},
{
"name": "17958",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17958"
},
{
"name": "20060515 Re: [Full-disclosure] POC exploit for freeSSHd version 1.0.9",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/434038/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19846",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19846"
},
{
"name": "25569",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25569"
},
{
"name": "20060514 POC exploit for freeSSHd version 1.0.9",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/434007/100/0/threaded"
},
{
"name": "20060517 POC exploit for freeFTPd 1.0.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/434402/100/0/threaded"
},
{
"name": "ADV-2006-1786",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1786"
},
{
"name": "901",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/901"
},
{
"name": "freesshd-key-exchange-bo(26442)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26442"
},
{
"name": "20060517 BUGTRAQ:20060517 Re:POC exploit for freeFTPd 1.0.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/434415/100/0/threaded"
},
{
"name": "19845",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19845"
},
{
"name": "VU#477960",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/477960"
},
{
"name": "20060517 Re:POC exploit for freeFTPd 1.0.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/434415/30/4920/threaded"
},
{
"name": "25463",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25463"
},
{
"name": "20060514 POC exploit for freeSSHd version 1.0.9",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=114764338702488\u0026w=2"
},
{
"name": "20136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20136"
},
{
"name": "ADV-2006-1842",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1842"
},
{
"name": "ADV-2006-1785",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1785"
},
{
"name": "17958",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17958"
},
{
"name": "20060515 Re: [Full-disclosure] POC exploit for freeSSHd version 1.0.9",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/434038/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19846",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19846"
},
{
"name": "25569",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25569"
},
{
"name": "20060514 POC exploit for freeSSHd version 1.0.9",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434007/100/0/threaded"
},
{
"name": "20060517 POC exploit for freeFTPd 1.0.10",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434402/100/0/threaded"
},
{
"name": "ADV-2006-1786",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1786"
},
{
"name": "901",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/901"
},
{
"name": "freesshd-key-exchange-bo(26442)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26442"
},
{
"name": "20060517 BUGTRAQ:20060517 Re:POC exploit for freeFTPd 1.0.10",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434415/100/0/threaded"
},
{
"name": "19845",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19845"
},
{
"name": "VU#477960",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/477960"
},
{
"name": "20060517 Re:POC exploit for freeFTPd 1.0.10",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434415/30/4920/threaded"
},
{
"name": "25463",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25463"
},
{
"name": "20060514 POC exploit for freeSSHd version 1.0.9",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=114764338702488\u0026w=2"
},
{
"name": "20136",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20136"
},
{
"name": "ADV-2006-1842",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1842"
},
{
"name": "ADV-2006-1785",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1785"
},
{
"name": "17958",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17958"
},
{
"name": "20060515 Re: [Full-disclosure] POC exploit for freeSSHd version 1.0.9",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434038/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2407",
"datePublished": "2006-05-16T10:00:00.000Z",
"dateReserved": "2006-05-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:51:04.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3812 (GCVE-0-2005-3812)
Vulnerability from nvd – Published: 2005-11-26 02:00 – Updated: 2024-08-07 23:24
VLAI
Summary
freeFTPd 1.0.10 allows remote authenticated users to cause a denial of service (null dereference and crash) via a PORT command with missing arguments.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2005/2580 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/417602/30/… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/15557 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/17737 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2005-11-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:36.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2005-2580",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2580"
},
{
"name": "20051124 freeFTPd 1.0.10 (Dos,Exploit)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/417602/30/0/threaded"
},
{
"name": "15557",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15557"
},
{
"name": "17737",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17737"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "freeFTPd 1.0.10 allows remote authenticated users to cause a denial of service (null dereference and crash) via a PORT command with missing arguments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2005-2580",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2580"
},
{
"name": "20051124 freeFTPd 1.0.10 (Dos,Exploit)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/417602/30/0/threaded"
},
{
"name": "15557",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15557"
},
{
"name": "17737",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17737"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "freeFTPd 1.0.10 allows remote authenticated users to cause a denial of service (null dereference and crash) via a PORT command with missing arguments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-2580",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2580"
},
{
"name": "20051124 freeFTPd 1.0.10 (Dos,Exploit)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/417602/30/0/threaded"
},
{
"name": "15557",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15557"
},
{
"name": "17737",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17737"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3812",
"datePublished": "2005-11-26T02:00:00.000Z",
"dateReserved": "2005-11-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:24:36.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3683 (GCVE-0-2005-3683)
Vulnerability from nvd – Published: 2005-11-19 01:00 – Updated: 2024-08-07 23:17
VLAI
Summary
Stack-based buffer overflow in freeFTPd before 1.0.9 with Logging enabled, allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a long USER command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1015230 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/17583 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2005/2458 | vdb-entryx_refsource_VUPEN |
| http://www.osvdb.org/20909 | vdb-entryx_refsource_OSVDB |
| http://marc.info/?l=full-disclosure&m=11321376382… | mailing-listx_refsource_FULLDISC |
| http://marc.info/?l=full-disclosure&m=11321661192… | mailing-listx_refsource_FULLDISC |
| http://freeftpd.com/?ctt=changelog | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/15457 | vdb-entryx_refsource_BID |
Date Public
2005-11-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.427Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1015230",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015230"
},
{
"name": "17583",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17583"
},
{
"name": "freeftpd-multiple-command-bo(23118)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23118"
},
{
"name": "ADV-2005-2458",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2458"
},
{
"name": "20909",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20909"
},
{
"name": "20051116 freeftpd USER bufferoverflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=113213763821294\u0026w=2"
},
{
"name": "20051116 re: freeftpd USER bufferoverflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=113216611924774\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freeftpd.com/?ctt=changelog"
},
{
"name": "15457",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15457"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in freeFTPd before 1.0.9 with Logging enabled, allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a long USER command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1015230",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015230"
},
{
"name": "17583",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17583"
},
{
"name": "freeftpd-multiple-command-bo(23118)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23118"
},
{
"name": "ADV-2005-2458",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2458"
},
{
"name": "20909",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20909"
},
{
"name": "20051116 freeftpd USER bufferoverflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=113213763821294\u0026w=2"
},
{
"name": "20051116 re: freeftpd USER bufferoverflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=113216611924774\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freeftpd.com/?ctt=changelog"
},
{
"name": "15457",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15457"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in freeFTPd before 1.0.9 with Logging enabled, allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a long USER command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015230",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015230"
},
{
"name": "17583",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17583"
},
{
"name": "freeftpd-multiple-command-bo(23118)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23118"
},
{
"name": "ADV-2005-2458",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2458"
},
{
"name": "20909",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20909"
},
{
"name": "20051116 freeftpd USER bufferoverflow",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=113213763821294\u0026w=2"
},
{
"name": "20051116 re: freeftpd USER bufferoverflow",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=113216611924774\u0026w=2"
},
{
"name": "http://freeftpd.com/?ctt=changelog",
"refsource": "CONFIRM",
"url": "http://freeftpd.com/?ctt=changelog"
},
{
"name": "15457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15457"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3683",
"datePublished": "2005-11-19T01:00:00.000Z",
"dateReserved": "2005-11-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:17:23.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3684 (GCVE-0-2005-3684)
Vulnerability from nvd – Published: 2005-11-19 01:00 – Updated: 2024-08-07 23:17
VLAI
Summary
Multiple buffer overflows in freeFTPd 1.0.8, without logging enabled, allow remote authenticated attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via long (1) MKD and (2) DELE commands.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/15486 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2005/2471 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/20909 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/17624 | third-party-advisoryx_refsource_SECUNIA |
| http://marc.info/?l=full-disclosure&m=11322235800… | mailing-listx_refsource_FULLDISC |
Date Public
2005-11-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15486",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15486"
},
{
"name": "ADV-2005-2471",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2471"
},
{
"name": "freeftpd-multiple-command-bo(23118)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23118"
},
{
"name": "20909",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20909"
},
{
"name": "17624",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17624"
},
{
"name": "20051117 freeftpd MKD buffer overflow etc...",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=113222358007499\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in freeFTPd 1.0.8, without logging enabled, allow remote authenticated attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via long (1) MKD and (2) DELE commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15486",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15486"
},
{
"name": "ADV-2005-2471",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2471"
},
{
"name": "freeftpd-multiple-command-bo(23118)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23118"
},
{
"name": "20909",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20909"
},
{
"name": "17624",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17624"
},
{
"name": "20051117 freeftpd MKD buffer overflow etc...",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=113222358007499\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in freeFTPd 1.0.8, without logging enabled, allow remote authenticated attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via long (1) MKD and (2) DELE commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15486",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15486"
},
{
"name": "ADV-2005-2471",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2471"
},
{
"name": "freeftpd-multiple-command-bo(23118)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23118"
},
{
"name": "20909",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20909"
},
{
"name": "17624",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17624"
},
{
"name": "20051117 freeftpd MKD buffer overflow etc...",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=113222358007499\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3684",
"datePublished": "2005-11-19T01:00:00.000Z",
"dateReserved": "2005-11-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:17:23.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201212-0181
Vulnerability from variot - Updated: 2023-12-18 14:02freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to bypass authentication via a crafted SFTP session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c. FreeFTPd is a free FTP+SSL/SFTP server based on WeOnlyDo FTP/SFTP. There is a vulnerability in freeFTPd.exe in freeFTPd versions prior to 1.0.11
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201212-0181",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "freeftpd",
"scope": "eq",
"trust": 2.2,
"vendor": "freeftpd",
"version": "1.0.8"
},
{
"model": "freeftpd",
"scope": "lte",
"trust": 1.8,
"vendor": "freeftpd",
"version": "1.0.11"
},
{
"model": "freeftpd",
"scope": "eq",
"trust": 1.6,
"vendor": "freeftpd",
"version": "1.0.5"
},
{
"model": "freeftpd",
"scope": "eq",
"trust": 1.6,
"vendor": "freeftpd",
"version": "1.0.6"
},
{
"model": "freeftpd",
"scope": "eq",
"trust": 1.6,
"vendor": "freeftpd",
"version": "1.0"
},
{
"model": "freeftpd",
"scope": "eq",
"trust": 1.6,
"vendor": "freeftpd",
"version": "1.0.7"
},
{
"model": "freeftpd",
"scope": "eq",
"trust": 1.6,
"vendor": "freeftpd",
"version": "1.0.2"
},
{
"model": "freeftpd",
"scope": "eq",
"trust": 1.6,
"vendor": "freeftpd",
"version": "1.0.1"
},
{
"model": "freeftpd",
"scope": "eq",
"trust": 1.6,
"vendor": "freeftpd",
"version": "1.0.4"
},
{
"model": "freeftpd",
"scope": "eq",
"trust": 1.6,
"vendor": "freeftpd",
"version": "1.0.3"
},
{
"model": "freeftpd",
"scope": "eq",
"trust": 1.6,
"vendor": "freeftpd",
"version": "1.0.10"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7684"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005663"
},
{
"db": "NVD",
"id": "CVE-2012-6067"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-045"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:freeftpd:freeftpd:1.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:freeftpd:freeftpd:1.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:freeftpd:freeftpd:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:freeftpd:freeftpd:1.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:freeftpd:freeftpd:1.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:freeftpd:freeftpd:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:freeftpd:freeftpd:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:freeftpd:freeftpd:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.11",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:freeftpd:freeftpd:1.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:freeftpd:freeftpd:1.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:freeftpd:freeftpd:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-6067"
}
]
},
"cve": "CVE-2012-6067",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2012-6067",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2012-7684",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-6067",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2012-7684",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201212-045",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7684"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005663"
},
{
"db": "NVD",
"id": "CVE-2012-6067"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-045"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to bypass authentication via a crafted SFTP session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c. FreeFTPd is a free FTP+SSL/SFTP server based on WeOnlyDo FTP/SFTP. There is a vulnerability in freeFTPd.exe in freeFTPd versions prior to 1.0.11",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-6067"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005663"
},
{
"db": "CNVD",
"id": "CNVD-2012-7684"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-6067",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005663",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2012-7684",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20121201 FREEFTPD REMOTE AUTHENTICATION BYPASS ZERODAY EXPLOIT (STUXNET TECHNIQUE)",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201212-045",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7684"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005663"
},
{
"db": "NVD",
"id": "CVE-2012-6067"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-045"
}
]
},
"id": "VAR-201212-0181",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7684"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7684"
}
]
},
"last_update_date": "2023-12-18T14:02:06.503000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.freesshd.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-005663"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-005663"
},
{
"db": "NVD",
"id": "CVE-2012-6067"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0011.html"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6067"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6067"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7684"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005663"
},
{
"db": "NVD",
"id": "CVE-2012-6067"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-045"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2012-7684"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005663"
},
{
"db": "NVD",
"id": "CVE-2012-6067"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-045"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-7684"
},
{
"date": "2012-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-005663"
},
{
"date": "2012-12-04T23:55:01.080000",
"db": "NVD",
"id": "CVE-2012-6067"
},
{
"date": "2012-12-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201212-045"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-7684"
},
{
"date": "2012-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-005663"
},
{
"date": "2012-12-05T05:00:00",
"db": "NVD",
"id": "CVE-2012-6067"
},
{
"date": "2012-12-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201212-045"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201212-045"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "freeFTPd freeFTPd.exe authentication bypass vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7684"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-045"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201212-045"
}
],
"trust": 0.6
}
}