158 matches found
CVE-2009-5013
Memory leak in the ondtpclose function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service memory consumption by sending a QUIT command during a data transfer...
PYSEC-2010-24
The ftpSTOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command...
PYSEC-2010-5
ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack...
PYSEC-2010-22
pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command...
CVE-2007-6737
FTPServer.py in pyftpdlib before 0.2.0 does not increment the attemptedlogins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack...
PYSEC-2010-7
Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service daemon outage by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, a different...
PYSEC-2010-21
FTPServer.py in pyftpdlib before 0.2.0 does not increment the attemptedlogins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack...
PYSEC-2010-9
ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session...
Command injection
FTPServer.py in pyftpdlib before 0.2.0 does not increment the attemptedlogins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack...
Memory corruption
Memory leak in the ondtpclose function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service memory consumption by sending a QUIT command during a data transfer...
Design/Logic Flaw
ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack...
CVE-2009-5010
Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service daemon outage by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, a different...
PYSEC-2010-21
FTPServer.py in pyftpdlib before 0.2.0 does not increment the attemptedlogins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack...
PYSEC-2010-11
Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service daemon outage by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None for the address, or ...
PYSEC-2010-6
The ftpQUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows remote authenticated users to cause a denial of service file descriptor exhaustion and daemon outage by sending a QUIT command during a disallowed data-transfer attempt...
Directory traversal
Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. dot dot in a 1 LIST, 2 STOR, or 3 RETR command...
Command injection
FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command...
PYSEC-2010-23
FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command...
Race condition
Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service daemon outage by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, a different...
PYSEC-2010-20
Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. dot dot in a 1 LIST, 2 STOR, or 3 RETR command...