OSCA-550, OSCA-550A Security Vulnerabilities

packetstorm

Hexyn-sa-15.txt

...

-0.2 AI Score

2001-04-25 12:00 AM
14
nessus

Solaris FTP Daemon CWD Command Account Enumeration

It is possible to determine the existence of a user on the remote system by issuing the command CWD ~, even before logging in. An attacker can exploit this flaw to determine the existence of known vulnerable...

7.3 AI Score

2001-04-16 12:00 AM
21
exploitdb

7.4 AI Score

2001-04-16 12:00 AM
53
exploitpack

FreeBSD 4.2-stable - FTPd glob() Remote Buffer Overflow

FreeBSD 4.2-stable - FTPd glob() Remote Buffer...

1 AI Score

2001-04-16 12:00 AM
10
exploitpack

Solaris 2.67.0 - IN.FTPD CWD Username Enumeration

Solaris 2.67.0 - IN.FTPD CWD Username...

-0.2 AI Score

2001-04-11 12:00 AM
10
exploitdb

7.4 AI Score

2001-04-11 12:00 AM
16
securityvulns

Multiple vendors FTP denial of service

Proftpd built-in 'ls' command has a globbing bug that allows remote denial-of-service. Here's a simple exploit, tested on the Proftpd site : $ ftp ftp.proftpd.org ... Name (ftp.proftpd.org:j): ftp ... 230 Anonymous access granted, restrictions apply. Remote system type is UNIX. Using binary mode...

0.4 AI Score

2001-03-16 12:00 AM
571
cve

6.9 AI Score

0.014 EPSS

2001-03-12 05:00 AM
27
securityvulns

Warftp 1.67b04 Directory Traversal

Overview: by adding a special formed argument to the dir command, it is possible to list the /../ directory. Detail: the command is the following: dir *./../.. Log: Verbindung mit 10.17.3.44 wurde hergestellt. 220- Jgaa's Fan Club FTP Service WAR-FTPD 1.67- 04 Ready 220 Please enter your user...

0.1 AI Score

2001-03-11 12:00 AM
6
securityvulns

@stake Advisory Notification: Netscape Directory Server buffer overflow (A030701-1)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake, Inc. www.atstake.com Security Advisory Notification Advisory Name: Netscape Directory Server buffer overflow Release Date: 03/07/2001 Application: Netscape Directory Server...

0.4 AI Score

2001-03-11 12:00 AM
24
securityvulns

Broker Ftp Server 5.0 Vulnerability

Vulnerability: users can break out of their root directory and list directories. Depending on the priv. you have other commands like delete maybe executed outside of the home. directory. e:\crap\ was used as homedir. deleting files in e:\crap is enabled Detail: Problem: Again relative paths....

0.4 AI Score

2001-03-05 12:00 AM
12
securityvulns

Sunftp build9(1) - ftp server Vulnerability

It is possible to break out of the root directory by using relative paths e:\crap was used as homedir. of user test. the get command getting files from outside of the root dir. 220 chris FTP Server (SunFTP b9) ready on port 21... Benutzer (10.17.3.44:(none)): test 331 Password required for test....

0.1 AI Score

2001-03-03 12:00 AM
16
securityvulns

Vulnerability in FtpXQ Server

----- Begin Hush Signed Message from [email protected] ----- Vulnerability in FtpXQ Server Overview FtpXQ Server 2.0.93 is an ftp server available from http://www.datawizard.net and http://www.download.com. A vulnerability exists which allows an attacker to download files outside the ftp...

0.3 AI Score

2001-03-01 12:00 AM
13
exploitpack

Netwin SurgeFTP 1.0b - Denial of Service

Netwin SurgeFTP 1.0b - Denial of...

-0.3 AI Score

2001-03-01 12:00 AM
7
exploitdb

7.4 AI Score

2001-03-01 12:00 AM
16
securityvulns

Potential Buffer Overflow vulnerability in bftpd-1.0.13

There is a potential buffer overflow vulnerability in the command "SITE CHOWN" 230 User logged in. site chown AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.AAAAAAAAAA A 550 User 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' not found. Connection closed by foreign host. gdb /usr/sbin/bftpd 18214 ............. Loaded....

0.3 AI Score

2000-12-15 12:00 AM
16
securityvulns

Serv-U FTP directory traversal vulnerability (all versions)

===================================================================== Securax-SA-09 Security Advisory belgian.networking.security Dutch ===================================================================== Topic: Catsoft serv-U FTP Directory...

-0.4 AI Score

2000-12-06 12:00 AM
77
nessus

Serv-U CD Command Encoded Traversal Arbitrary File/Directory Access

The remote host is running Serv-U FTP server. The installed version fails to properly sanitize user-supplied input to the 'cd' command. An attacker could exploit this flaw to access arbitrary files on the remote...

6.5 AI Score

2000-12-06 12:00 AM
22
packetstorm

Securax-SA-09.serv-u

...

-0.2 AI Score

2000-12-05 12:00 AM
18
securityvulns

Hole in klogd

A format string bug allows privileges to be obtained...

1 AI Score

2000-09-26 12:00 AM
13
securityvulns

Cisco PIX Firewall (smtp content filtering hack)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 How to escape "fixup smtp" of Cisco Pix Firewall: The Cisco Pix Firewall normally restrict some protocol command(http,ftp,smtp) and manage multisession protocol(h323, ftp,sqlnet) . I made some test on a BSDI3.0 running sendmail9 placed in the dmz ....

-0.3 AI Score

2000-09-20 12:00 AM
71
securityvulns

Hole in telnetd from Irix

Buffer overflow resulting from an error in the command...

0.7 AI Score

2000-09-07 12:00 AM
12
exploitpack

RedHat 6 GLIBClocale - Subsystem Format String

RedHat 6 GLIBClocale - Subsystem Format...

-0.2 AI Score

2000-09-06 12:00 AM
11
exploitdb

7.4 AI Score

2000-09-06 12:00 AM
17
securityvulns

[LSD] IRIX telnetd remote vulnerability

We've found a very severe vulnerability in the IRIX telnetd service that upon successful exploitation can give remote root access to any IRIX 6.2-6.5.8[m,f] system. The bug discussed here appeared in IRIX 5.2-6.1 systems and was the result of SGI efforts to patch a security vulnerability reported.....

-0.1 AI Score

2000-08-15 12:00 AM
31
securityvulns

CRYX present: netscape profesional services ftp service

Yeah, yeah, it is gonna be first C.R.Y.X. advisory, blah!:-) we reporting it to you, people, because th1z vulnerability seems to fly around for some time, so it'z probably better to warn someone, b'koz we aren't lame scr1ptz-kiddiez expl0iting everone around with their 0day-stolen script!...

-0.5 AI Score

2000-07-21 12:00 AM
31
nessus

GuildFTPd Traversal Arbitrary File Enumeration

The remote FTP server can be used to determine if a given file exists on the remote host or not, by adding dot-dot-slashes in front of them. This is caused by the server responding with different error messages depending on if the file exists or not. An attacker may use this flaw to gain more...

6.5 AI Score

2000-07-16 12:00 AM
20
securityvulns

gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd

Yo, Errr... Sorry about saying gnu-pop3d had the same problem as FTGate - don't know how that got in my list - I assume from posting after a rather hectic party and before that vital cup of coffee the next day. :) Apologies, all. Anyway, I found a stack overflow in the Savant webserver the other...

1.1 AI Score

2000-07-10 12:00 AM
8
securityvulns

Netscape FTP Server - "Professional" as hell :>

Standard disclaimer applies. These are my private opinions and observations. Netscape Professional Services FTP server is used on high-performance servers for accessing virtual webserver accounts etc. It works with LDAP and seems to be quite often shipped by Sun with ISP installations. Due to poor....

-0.1 AI Score

2000-06-22 12:00 AM
18
packetstorm

netscape.ftp.txt

...

-0.1 AI Score

2000-06-21 12:00 AM
24
exploitpack

Netscape Professional Services FTP Server (LDAP Aware) 1.3.6 - FTP Server

Netscape Professional Services FTP Server (LDAP Aware) 1.3.6 - FTP...

0.1 AI Score

2000-06-21 12:00 AM
13
exploitpack

Check Point Software Firewall-1 3.01 4.0 Cisco PIX Firewall 4.x5.x - ALG Client

Check Point Software Firewall-1 3.01 4.0 Cisco PIX Firewall 4.x5.x - ALG...

0.2 AI Score

2000-03-10 12:00 AM
21
nessus

FTPd CWD Command Account Enumeration

It is possible to determine the existence of a user on the remote system by issuing the command CWD ~. An attacker may use this to determine the existence of known to be vulnerable accounts (like guest) or to determine which system you are...

0.4 AI Score

1999-11-12 12:00 AM
19
packetstorm

smtp.acct.probing.txt

...

-0.3 AI Score

1999-08-17 12:00 AM
64
packetstorm

wu-ftpd.bof+patch.txt

...

AI Score

1999-08-17 12:00 AM
33
packetstorm

modem-DoS.txt

...

-0.3 AI Score

1999-08-17 12:00 AM
41
packetstorm

-0.5 AI Score

1999-08-17 12:00 AM
42
packetstorm

vintra.txt

...

-0.3 AI Score

1999-08-17 12:00 AM
21
packetstorm

0.1 AI Score

1999-08-17 12:00 AM
18
packetstorm

ncftpd.2.txt

...

0.1 AI Score

1999-08-17 12:00 AM
19
nessus

Multiple FTP Server QUOTE CWD Command Home Path Disclosure

It is possible to determine the full path of the home directory of the 'ftp' user by issuing the 'CWD' command. An attacker can exploit this to determine where to put a .rhost file using other security...

0.2 AI Score

1999-06-22 12:00 AM
30
nessus

Multiple Mail Server EXPN/VRFY Information Disclosure

The remote SMTP server answers to the EXPN and/or VRFY commands. The EXPN command can be used to find the delivery address of mail aliases, or even the full name of the recipients, and the VRFY command may be used to check the validity of an account. Your mailer should not allow remote users to...

-0.1 AI Score

1999-06-22 12:00 AM
1170
nessus

Web Server Long URL Handling Remote Overflow DoS

The remote web server crashes when it receives a too long URL. It might be possible to make it execute arbitrary code through this...

0.2 AI Score

1999-06-22 12:00 AM
206
exploitdb

7.4 AI Score

1999-05-17 12:00 AM
33
exploitpack

BisonWare BisohFTP Server 3.5 - Multiple Vulnerabilities

BisonWare BisohFTP Server 3.5 - Multiple...

0.2 AI Score

1999-05-17 12:00 AM
9
msupdate

Security Update for DirectX 9 for Windows 2000 (KB904706)

A security issue has been identified that could allow an attacker to remotely compromise your Windows-based system using DirectShow and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your...

3 AI Score

1970-01-01 03:00 AM
13
Total number of security vulnerabilities: 1198