63 matches found
Authentication flaw
Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote attackers to bypass IP checks via a crafted DNS hostname, possibly a hostname that appears to be an IP address...
CVE-2006-1253
Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote attackers to bypass IP checks via a crafted DNS hostname, possibly a hostname that appears to be an IP address...
CVE-2006-1253
Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote attackers to bypass IP checks via a crafted DNS hostname, possibly a hostname that appears to be an IP address...
CVE-2006-1253
CVE-2006-1253 affects glFTPd prior to 2.01 RC5, where a crafted DNS hostname could bypass IP checks, potentially spoofing an IP-like hostname. The PT-2006-2269 entry confirms the vulnerable range and provides a remediation: update to version 2.01 RC5 or later. No exploitation details are provided...
PT-2006-2269 · Glftpd · Glftpd
Name of the Vulnerable Software and Affected Versions: glFTPd versions prior to 2.01 RC5 Description: The issue allows remote attackers to bypass IP checks by using a crafted DNS hostname. This could potentially include a hostname that appears to be an IP address. Recommendations: For versions...
CVE-2005-0483
Multiple directory traversal vulnerabilities in sitenfo.sh, sitezipchk.sh, and siteziplist.sh in Glftpd 1.26 to 2.00 allow remote authenticated users to 1 determine the existence of arbitrary files, 2 list files in restricted directories, or 3 read arbitrary files from within ZIP or gzip files, v...
glFTPd Multiple Script ZIP File Handling Arbitrary File / Directory Access
The remote glFTPD server fails to properly sanitize user-supplied input to the 'sitenfo.sh', 'sitezpichk.sh', and 'siteziplist.sh'. An attacker could exploit this flaw to disclose arbitrary files by sending a spcially crafted request to the remote host. C Tenable Network Security, Inc...
glftpd.txt
Pimp industries. "Its all about the Bling, B^!%@s and Fame!" Multiple vulnerabilities in Glftpd v1.26 - v2.00 default zip based plug-ins : sitenfo.sh, sitezipchk.sh, siteziplist.sh C Paul Craig - Pimp Industries 2005 Background ------------- glftpd is an open source ftp server used by the more...
glFTPD FTP server plugin directory traversal
Обратный путь в каталогах в плагинах sitenfo.sh, sitezipchk.sh, siteziplist.sh...
Multiple vulnerabilities in Glftpd v1.26 - v2.00 default zip based plug-ins
Pimp industries. "Its all about the Bling, B^!@s and Fame!" Multiple vulnerabilities in Glftpd v1.26 - v2.00 default zip based plug-ins : sitenfo.sh, sitezipchk.sh, siteziplist.sh C Paul Craig - Pimp Industries 2005 Background ------------- glftpd is an open source ftp server used by the more...
CVE-2005-0483
GLFTPD 1.26–2.00 is affected by directory traversal via SITE NFO commands in sitenfo.sh, sitezipchk.sh, and siteziplist.sh. The root cause is improper sanitization of user-supplied input, allowing remote authenticated users to (1) determine existence of arbitrary files, (2) list files in restrict...
CVE-2005-0483
Multiple directory traversal vulnerabilities in sitenfo.sh, sitezipchk.sh, and siteziplist.sh in Glftpd 1.26 to 2.00 allow remote authenticated users to 1 determine the existence of arbitrary files, 2 list files in restricted directories, or 3 read arbitrary files from within ZIP or gzip files, v...
glFTPd 1.x2.0 ZIP Plugins - Multiple Directory Traversal Vulnerabilities
glFTPd 1.x2.0 ZIP Plugins - Multiple Directory Traversal Vulnerabilities source: https://www.securityfocus.com/bid/12586/info It is reported that various ZIP related plugins supplied with the server contain multiple directory traversal vulnerabilities. These issues may allow remote attackers to...
glFTPd 1.x/2.0 'ZIP' Plugins - Multiple Directory Traversal Vulnerabilities
source: https://www.securityfocus.com/bid/12586/info It is reported that various ZIP related plugins supplied with the server contain multiple directory traversal vulnerabilities. These issues may allow remote attackers to determine the existence of files on a computer and also disclose arbitrary...
glFTPd Local Stack Overflow Exploit (PoC) (Slackware 9.0/9.1/10.0)
No description provided by source. / glFTPd local stack buffer overflow exploit Proof of Concept Tested in Slackware 9.0 / 9.1 / 10.0 by CoKi No System Group - http://www.nosystem.com.ar / include 'stdio.h include 'strings.h include 'unistd.h define BUFFER 288 + 1 define PATH "/glftpd/bin/dupesca...
glFTPd Local Stack Overflow Exploit (PoC) (Slackware 9.0/9.1/10.0)
Exploit for linux platform in category local exploits ================================================================== glFTPd Local Stack Overflow Exploit PoC Slackware 9.0/9.1/10.0 ================================================================== / glFTPd local stack buffer overflow exploit...
glFTPd (Slackware 9.09.110.0) - Local Stack Overflow
glFTPd Slackware 9.09.110.0 - Local Stack Overflow / glFTPd local stack buffer overflow exploit Proof of Concept Tested in Slackware 9.0 / 9.1 / 10.0 by CoKi No System Group - http://www.nosystem.com.ar / include include include define BUFFER 288 + 1 define PATH "/glftpd/bin/dupescan" char...
glFTPd (Slackware 9.0/9.1/10.0) - Local Stack Overflow
/ glFTPd local stack buffer overflow exploit Proof of Concept Tested in Slackware 9.0 / 9.1 / 10.0 by CoKi No System Group - http://www.nosystem.com.ar / include include include define BUFFER 288 + 1 define PATH "/glftpd/bin/dupescan" char shellcode= "xb0x31xcdx80x89xc3x31xc0xb0x17xcdx80"...
GLSA-200409-27 : glFTPd: Local buffer overflow vulnerability
The remote host is affected by the vulnerability described in GLSA-200409-27 glFTPd: Local buffer overflow vulnerability The glFTPd server is vulnerable to a buffer overflow in the 'dupescan' program. This vulnerability is due to an unsafe strcpy call which can cause the program to crash when a...
glFTPd: Local buffer overflow vulnerability
Background glFTPd is a highly configurable FTP server with many features. Description The glFTPd server is vulnerable to a buffer overflow in the 'dupescan' program. This vulnerability is due to an unsafe strcpy call which can cause the program to crash when a large argument is passed. Impact A...