380 matches found
FileZilla FTP Server buffer overflow
Buffer overflow on oversized FTP USER command...
FileZilla FTP client information leak
Configuration including FTP sites access passwords is stored in public directory...
[Full-disclosure] FileZilla (client) public credentials vulnerability
Title: FileZilla client public credentials vulnerability Risk: Medium Versions affected: =2.2.15 Credits: pagvac Adrian Pastor Date found: 10th September, 2005 Homepage: www.ikwt.com www.adrianpv.com E-mail: m123303 - a t - richmond.ac.uk Background ---------- FileZilla client is an open source...
CVE-2005-2898
NOTE: this issue has been disputed by the vendor. FileZilla 2.2.14b and 2.2.15, and possibly earlier versions, when "Use secure mode" is disabled, uses a weak encryption scheme to store the user's password in the configuration settings file, which allows local users to obtain sensitive informatio...
CVE-2005-2898
FileZilla vulnerability CVE-2005-2898 affects versions 2.2.14b–2.2.15 (and possibly earlier) where, if “Use secure mode” is disabled, passwords are stored using a weak encryption scheme in the configuration file. This allows local users to obtain sensitive information. The issue is disputed by th...
CVE-2005-2898
NOTE: this issue has been disputed by the vendor. FileZilla 2.2.14b and 2.2.15, and possibly earlier versions, when "Use secure mode" is disabled, uses a weak encryption scheme to store the user's password in the configuration settings file, which allows local users to obtain sensitive informatio...
PT-2005-3760 · Filezilla · Filezilla
Name of the Vulnerable Software and Affected Versions: FileZilla versions 2.2.14b through 2.2.15 FileZilla versions prior to 2.2.14b Description: The issue concerns the use of a weak encryption scheme to store user passwords in the configuration settings file when "Use secure mode" is disabled...
filezillaWeak.txt
Title: FileZilla weakly-encrypted password vulnerability Risk: HIGH Credits: pagvac Adrian Pastor Date found: 6th August, 2005 Homepage: www.ikwt.com www.adrianpv.com E-mail: m123303 - at - richmond.ac.uk Background ----------- FileZilla is the most...
FileZilla 2.2.15 - FTP Client Hard-Coded Cipher Key
FileZilla 2.2.15 - FTP Client Hard-Coded Cipher Key // source: https://www.securityfocus.com/bid/14730/info FileZilla FTP client may allow local attackers to obtain user passwords and access remote servers. The application uses a hard-coded cipher key to decrypt the password, which is stored in a...
FileZilla 2.2.15 - FTP Client Hard-Coded Cipher Key
// source: https://www.securityfocus.com/bid/14730/info FileZilla FTP client may allow local attackers to obtain user passwords and access remote servers. The application uses a hard-coded cipher key to decrypt the password, which is stored in an XML file or the Windows Registry. This can allow t...
CVE-2005-0850
FileZilla FTP server before 0.9.6 allows remote attackers to cause a denial of service via a request for a filename containing an MS-DOS device name such as CON, NUL, COM1, LPT1, and others...
CVE-2005-0851
FileZilla FTP server before 0.9.6, when using MODE Z zlib compression, allows remote attackers to cause a denial of service infinite loop via certain file uploads or directory listings...
CVE-2005-0850
Vulnerability summary (CVE-2005-0850): FileZilla FTP Server prior to 0.9.6 is susceptible to denial of service when a client requests a filename containing MS-DOS device names (e.g., CON, NUL, COM1, LPT1). The issue is confirmed in multiple security feeds, and related Nessus findings also describ...
CVE-2005-0851
CVE-2005-0851 affects the FileZilla FTP Server up to version 0.9.6. When using MODE Z (zlib compression), it can trigger a denial-of-service via certain file uploads or directory listings, causing an infinite loop. The vulnerability is associated with a NETWORK attack vector, with low complexity ...
CVE-2005-0850
FileZilla FTP server before 0.9.6 allows remote attackers to cause a denial of service via a request for a filename containing an MS-DOS device name such as CON, NUL, COM1, LPT1, and others...
CVE-2005-0851
FileZilla FTP server before 0.9.6, when using MODE Z zlib compression, allows remote attackers to cause a denial of service infinite loop via certain file uploads or directory listings...
[SA14664] FileZilla Server Denial of Service Vulnerabilities
TITLE: FileZilla Server Denial of Service Vulnerabilities...
FileZilla FTP Server Multiple DoS
The remote host is running a version of FileZilla server with the following denial of service vulnerabilities: - Requesting a file containing the reserved name of a DOS device, e.g. CON, NUL, COM1, etc., can cause the server to freeze. - Downloading a file or directory listing with MODE Z enabled...
FileZilla FTP Server < 0.9.6 Multiple DoS
Binary data 2738.prm...
FileZilla FTP Server < 0.9.17 MLSD Command Overflow
Binary data 3532.prm...