Vulners
Lucene search
FTP Service 1.2 - Multiple Vulnerabilities
FTP Service Multiple Vulnerabilities
Vendor: Pablo Software Solutions
Product: FTP Service
Version: <= 1.2
Website: http://www.pablovandermeer.nl/ftp_service.html
BID: 7799 7801
Description:
FTPService.exe is a service-version of Pablo's FTP Server. This service enables you to have the FTP server active even when you're not logged into Windows.
Anonymous Access
The anonymous account is by default set to have download access to anything in the C:\ directory. While this can be disabled by simply deleting the anonymous account, it poses a serious threat for anyone not aware of the problem.
ftp://somewhere/windows/repair/sam
In conclusion this application is totally open to complete compromise by default. Vendor was notified and plans on releasing a fix soon.
Plaintext Password Weakness:
User info is stored in users.dat in plaintext. If the anonymous account is present (it is by default) the entire FTP server can be compromised
ftp://somewhere/program files/pablo's ftp service/users.dat
Solution:
Upgrade your version of Pablo FTP Service.
Credits:
James Bercegay of the GulfTech Security Research Team.Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
03 Jun 2003 00:00Current