Lucene search
K

QPC Software QVT Term 4.3QVTNet 4.3 Suite FTP Server - Denial of Service

🗓️ 10 Nov 1999 00:00:00Reported by Ussr LabsType 
exploitpack
 exploitpack
👁 10 Views

QPC Software FTP server is vulnerable to denial of service attacks from oversized logon credentials.

Code
source: https://www.securityfocus.com/bid/796/info

The FTP server that ships with QPC's QVT line of products is vulnerable to a denial of service attack. The FTP server has an unchecked buffer in the logon function. If a username/password pair is specified that is longer than 2000 characters combined, the server will drop the connection with an 'authentication failed' message. The next time someone tries to connect, the server will crash. 

19619-2.exe - binary
19619-1.zip - source 

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/19619-1.zip

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/19619-2.exe

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation