72 matches found
PYSEC-2010-5
ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack...
UBUNTU-CVE-2010-3494
Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None for the address, or ...
PYSEC-2010-20
Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. (dot dot) in a (1) LIST, (2) STOR, or (3) RETR command...
CVE-2007-6737
CVE-2007-6737 affects pyftpdlib’s FTP server (FTPServer.py) prior to 0.2.0. The root cause is that attempted_logins is not incremented for a USER command with an invalid username, making brute-force access more feasible. Exploitation details are not provided in the documents; remediation/fix deta...
CVE-2007-6736
CVE-2007-6736 affects pyftpdlib’s FTPServer.py prior to version 0.2.0, enabling multiple directory traversal vulnerabilities where remote authenticated users can access arbitrary files/directories through a .. in LIST, STOR, or RETR commands. All provided sources describe the same issue with this...
CVE-2007-6736
Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. (dot dot) in a (1) LIST, (2) STOR, or (3) RETR command...
CVE-2007-6740
The ftpSTOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command...
AASync v2.2.1.0 (Win32) Stack Buffer Overflow (LIST)
$Id: aasynclistreply.rb 10660 2010-10-12 18:39:21Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
AASync v2.2.1.0 (Win32) Stack Buffer Overflow (LIST)
This module exploits a stack buffer overflow in AASync v2.2.1.0, triggered when processing the response on a LIST command. During the overflow, a structured exception handler record gets overwritten. This module requires Metasploit: https://metasploit.com/download Current source:...
Ftpdmin Detection
Detection of Ftpdmin. Ftpdmin is running at this port. Ftpdmin is a minimal Windows FTP server. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Command injection
Conti FtpServer 1.0 allows remote authenticated users to cause a denial of service (daemon crash) via a certain string containing "//A:" in the argument to the LIST command...
CVE-2007-3492
Conti FtpServer 1.0 allows remote authenticated users to cause a denial of service (daemon crash) via a certain string containing "//A:" in the argument to the LIST command...
CVE-2007-3492
The vulnerability CVE-2007-3492 affects Conti FtpServer 1.0, where remote authenticated users can trigger a denial of service (daemon crash) by sending a crafted string containing "//A:" in the LIST command argument. The connected documents provide the same description across NVD and CVE records ...
Authorization
The Apple Security Update 2007-004 uses an incorrect configuration file for FTPServer in Apple Mac OS X Server 10.4.9, which might allow remote authenticated users to access additional directories...
CVE-2007-0745
The Apple Security Update 2007-004 uses an incorrect configuration file for FTPServer in Apple Mac OS X Server 10.4.9, which might allow remote authenticated users to access additional directories...
CVE-2007-0745
The CVE affects Apple Mac OS X Server 10.4.9 where the FTPServer configuration file is incorrect in Apple Security Update 2007-004, potentially allowing remote authenticated users to access additional directories. The connected documents provide the misconfiguration and impact but do not include ...
CVE-2006-6950
Directory traversal vulnerability in Conti FTPServer 1.0 Build 2.8 allows remote attackers to read arbitrary files and list arbitrary directories via a .. (dot dot) in a filename argument...
CVE-2006-6949
Conti FTPServer 1.0 Build 2.8 stores user passwords in cleartext in MyServerSettings.ini, which allows local users to obtain sensitive information by reading this file...