Ipswitch WS_FTP Professional HTTP服务器应答格式串漏洞

Bugraq ID: 36297 Ipswitch WSFTP Professional是一款流行的FTP客户端软件。 Ipswitch WSFTP Professional不正确处理来自HTTP服务器的应答，构建包含格式串的状态代码，可导致触发典型的格式串错误，可使应用程序崩溃。 Ipswitch WSFTP Professional 12 厂商解决方案： 目前没有解决方案提供： http://www.ipswitchft.com/products/wsftpprofessional/ !/usr/bin/perl nocoolnameforawsftppoc.pl AKA...

Ipswitch WS_FTP 12 Professional Format String

!/usr/bin/perl nocoolnameforawsftppoc.pl AKA Ipswitch WSFTP 12 Professional Remote Format String 0day PoC Jeremy Brown [email protected]//jbrownsec.blogspot.com//krakowlabs.com 09.07.2009 I really hate releasing proof of concepts. ASCII gets itchy after a few months. And it has been over a yea...

Ipswitch WS_FTP Server < 6.1.1 Multiple Vulnerabilities

The remote host is running a version of WSFTP earlier than 6.1.1. Such versions are reportedly affected by multiple vulnerabilities : - Improper handling of UDP packets within the FTP log server may allow an attacker to crash the affected service. CVE-2008-0608 - There is a buffer overflow...

Ipswitch WS_FTP Server < 6.1.1 Multiple Vulnerabilities (uncredentialed check)

According to its banner, the remote host is running a version of WSFTP earlier than 6.1.1. Such versions are reportedly affected by multiple vulnerabilities : - Improper handling of UDP packets within the FTP log server may allow an attacker to crash the affected service. CVE-2008-0608 - There is...

WS_FTP Version Detection

This script determines the WsFtp server version on the remote host and sets the result in the KB. OpenVAS Vulnerability Test $Id: secpodwsftpwindetect.nasl 5148 2017-01-31 13:16:55Z teissa $ WSFTP Server Checking Authors: Antu Sanadi Copyright: Copyright c 2009 SecPod, http://www.secpod.com This...

CVE-2007-2795

Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via 1 the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or 2 a long SUBSCRIBE IMAP command, which triggers a stack-based...

Stack overflow

Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via 1 the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or 2 a long SUBSCRIBE IMAP command, which triggers a stack-based...

CVE-2007-2795

Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via 1 the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or 2 a long SUBSCRIBE IMAP command, which triggers a stack-based...

CVE-2007-2795

Ipswitch IMail Server IMAP component contains two heap/stack overflow issues: (1) in IMailsec.dll during IMAP LOGIN causing heap corruption, and (2) a long SUBSCRIBE IMAP command causing a stack-based overflow in the IMAP Daemon. Affects Ipswitch IMail Server before version 2006.21 (and related I...

WS_FTP Server <= 6.1.0.0 Security Bypass Vulnerability

WSFTP Server is prone to a security bypass vulnerability. Copyright C 2008 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

WS_FTP Server Manager Security Bypass Vulnerability

This host is installed with WSFTP Server and is prone to Security Bypass Vulnerability. OpenVAS Vulnerability Test $Id: secpodwsftpserversecbypassvuln.nasl 5657 2017-03-21 11:08:08Z cfi $ WSFTP Server Manager Security Bypass Vulnerability Authors: Sujit Ghosal Copyright: Copyright c 2008 SecPod,...

CVE-2008-5692

Ipswitch WSFTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name...

Design/Logic Flaw

Ipswitch WSFTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character...

CVE-2008-5693

Ipswitch WSFTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character...

Authentication flaw

Ipswitch WSFTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name...

CVE-2008-5692

Ipswitch WS_FTP Server Manager before 6.1.1 (and possibly other Ipswitch products) contains an authentication-bypass vulnerability that lets remote attackers read logs by abusing the sequence: call FTPLogServer/login.asp (logLogout action) and then request FTPLogServer/LogViewer.asp using the loc...

CVE-2008-5693

Ipswitch WSFTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character...

CVE-2008-5692

Ipswitch WSFTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name...

CVE-2008-5693

CVE-2008-5693 affects Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier (and possibly other Ipswitch products). The vulnerability permits remote attackers to read contents of custom ASP files in WSFTPSVR/ by issuing a request with an appended dot. Documents show an impact to confidentiality (par...

Ipswitch WhatsUp Professional Multiple Vulnerabilities

Deprecated since it didn SPDX-FileCopyrightText: 2008 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.80068";...