PSFTPd Windows FTP Server Command Injection Vulnerability

PSFTPd Windows FTP Server is a suite of FTP server software. The software supports protocols such as FTP, FTPS and SFTP. A command injection vulnerability exists in PSFTPd Windows FTP Server version 10.0.4 Build 729. An attacker can exploit this vulnerability to hide data and create arbitrary...

PSFTPd Windows FTP Server Bounce Scan Vulnerability

PSFTPd Windows FTP Server is a suite of FTP server software. The software supports protocols such as FTP, FTPS and SFTP. A bounce scanning vulnerability exists in PSFTPd Windows FTP Server version 10.0.4 Build 729, which stems from the program failing to prevent the default FTP bounce scanning. A...

CVE-2017-15269

The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. These can be performed using "nmap -b" and allow performing scans via the FTP server...

CVE-2017-15270

The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values CSV file. This can be used by attackers to hide data in the Graphical User Interface GUI view and create arbitrary entries to a certain extent. Special characters such as '"' and ',' a...

CVE-2017-15272

CVE-2017-15272 concerns the PSFTPd Windows FTP Server (v10.0.4 Build 729). The server stores its configuration in PSFTPd.dat, an Access database that can be extracted. The data can be obtained even though the encrypt flag is set with the password “ITsILLEGAL,” because the password is not required...