Lucene search
GitHub Advisory DatabaseGHSA-H4G7-8M7R-87R9HistoryMay 02, 2022 - 4:00 a.m.
Improper Access Control in pyftpdlib
2022-05-0204:00:26
CWE-284
GitHub Advisory Database
github.com
14
0.001 Low
EPSS
Percentile
49.9%
ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session.
References
code.google.com/p/pyftpdlib/issues/detail?id=114
code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY
code.google.com/p/pyftpdlib/source/detail?r=596
code.google.com/p/pyftpdlib/source/diff?spec=svn596&r=596&format=side&path=/trunk/pyftpdlib/ftpserver.py
github.com/advisories/GHSA-h4g7-8m7r-87r9
github.com/pypa/advisory-database/tree/main/vulns/pyftpdlib/PYSEC-2010-9.yaml
nvd.nist.gov/vuln/detail/CVE-2009-5012
Related
osv
osv
PYSEC-2010-9
2010-10-19 20:00:00
Improper Access Control in pyftpdlib
2022-05-02 04:00:26
cve
cve
CVE-2009-5012
2010-10-19 20:00:00
cvelist
cvelist
CVE-2009-5012
2022-10-03 16:24:01
debiancve
debiancve
CVE-2009-5012
2010-10-19 20:00:00
prion
prion
Session fixation
2010-10-19 20:00:00
nessus
nessus
Fedora 12 : pyftpdlib-0.5.2-1.fc12 (2010-16731)
2010-11-05 00:00:00
openvas
openvas
Fedora Update for pyftpdlib FEDORA-2010-16731
2010-11-16 00:00:00
pyftpdlib FTP Server Multiple Vulnerabilities
2010-10-28 00:00:00
Fedora Update for pyftpdlib FEDORA-2010-16731
2010-11-16 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: pyftpdlib-0.5.2-1.fc12
2010-11-04 23:28:10