7 matches found
GHSA-8XGX-75QW-6268 Improper privilege management in pyftpdlib
The ftpPORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via...
Sql injection
The ftpPORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via...
Command injection
BlueArc-FTPD in BlueArc Titan 2x00 devices with firmware 4.2.944b allows remote attackers to redirect traffic to other sites aka FTP bounce via the PORT command, a variant of CVE-1999-0017...
CVE-2006-6947
The FTP server in the NEC MultiWriter 1700C allows remote attackers to redirect traffic to other sites aka FTP bounce via the PORT command, a variant of CVE-1999-0017...
WS FTP Server Session Hijacking Vulnerability (Nov 2005)
WSFTP server is prone to session hijacking during passive connections and to a FTP bounce attack when a user submits a specially crafted FTP command. SPDX-FileCopyrightText: 2005 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
CVE-1999-0017
CVE-1999-0017 is a documented FTP bounce vulnerability where an FTP server can be abused to connect to arbitrary ports on an attacker-controlled host by exploiting the PORT/PORT-like mechanisms. The core issue is that an FTP server’s data connection handling allows bounce traffic to other hosts (...
CVE-1999-0017
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce...