32 matches found
CVE-2009-5013
Memory leak in the ondtpclose function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service memory consumption by sending a QUIT command during a data transfer...
CVE-2007-6737
FTPServer.py in pyftpdlib before 0.2.0 does not increment the attemptedlogins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack...
CVE-2007-6739
FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command...
CVE-2007-6741
CVE-2007-6741 affects the pyftpdlib FTP server: the FTPServer.py ftp_PORT function before version 0.2.0 does not block TCP connections to privileged ports when the destination IP matches the connection’s source IP, enabling potential FTP bounce attacks against NATs by remote authenticated users. ...
CVE-2008-7262
CVE-2008-7262 concerns pyftpdlib’s FTPServer.py (pre-0.3.0) where multiple directory traversal flaws allow remote authenticated users to access arbitrary files/directories via a symlink-in-pathname in CWD, DELE, STOR, or RETR commands. The vulnerability is triggered by crafted pathnames containin...
CVE-2009-5013
CVE-2009-5013 : Pyftpdlib’s FTP server (ftpserver.py) contains a memory leak in the on_dtp_close path for versions before 0.5.2. Remote authenticated users can trigger memory exhaustion/DoS by issuing a QUIT during a data transfer. No remediation details are provided in the connected documents.
CVE-2007-6741
The ftpPORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via...
CVE-2007-6737
FTPServer.py in pyftpdlib before 0.2.0 does not increment the attemptedlogins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack...
CVE-2007-6739
The CVE-2007-6739 entry concerns the pyftpdlib FTP server (FTPServer.py) prior to version 0.2.0. The root cause is a vulnerability that allows remote attackers to cause a denial of service by sending a long command. Exploitation is described as remote and lack of authentication is noted in the de...
CVE-2008-7263
The CVE-2008-7263 entry affects the pyftpdlib FTP server (ftpserver.py) prior to version 0.5.0. The root issue is that it does not delay its response after an invalid login attempt, which makes brute-force access easier for remote attackers. The provided connected documents confirm the affected c...
CVE-2007-6739
FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command...
CVE-2007-6741
The ftpPORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via...