25 matches found
EUVD-1999-0819
Malware in sbrugna...
EUVD-2001-0755
Malware in sbrugna...
EUVD-2004-1878
Malware in sbrugna...
EUVD-2008-6501
Malware in sbrugna...
CVE-2019-12144
An issue was discovered in SSHServerAPI.dll in Progress ipswitch WSFTP Server 2018 before 8.6.1. Attackers have the ability to abuse a path traversal vulnerability using the SCP protocol. Attackers who leverage this flaw could also obtain remote code execution by crafting a payload that abuses th...
Path traversal
An issue was discovered in SSHServerAPI.dll in Progress ipswitch WSFTP Server 2018 before 8.6.1. Attackers have the ability to abuse a path traversal vulnerability using the SCP protocol. Attackers who leverage this flaw could also obtain remote code execution by crafting a payload that abuses th...
CVE-2019-12144
CVE-2019-12144 affects Progress IPSwitch WS_FTP Server 2018 (before 8.6.1). The issue is in SSHServerAPI.dll and enables path traversal via SCP, with potential remote code execution by crafting a payload that abuses the SITE command feature. Multiple connected sources (NVD entry, CNVD entry, PRIO...
WzdFTPD <= 0.5.4 (SITE) Remote Command Execution Exploit (meta)
No description provided by source. Reference: http://www.milw0rm.com/id.php?id=1231 kcope /str0ke Metasploit plugin for: Wzdftpd SITE Command Arbitrary Command Execution 2005 11 26 - David Maciejak package Msf::Exploit::wzdftpdsite; use base Msf::Exploit; use strict; use Pex::Text; my $advanced =...
Null FTP Server SITE Command Execution Vulnerability
This host has Null FTP Server installed and is prone to arbitrary code execution vulnerability. OpenVAS Vulnerability Test $Id: gbnullftpserversitecmdexecvuln.nasl 4869 2016-12-29 11:01:45Z teissa $ Null FTP Server SITE Command Execution Vulnerability Authors: Nikita MR Copyright: Copyright c 200...
PT-2009-2004 · Null · Null Ftp Server
Name of the Vulnerable Software and Affected Versions: NULL FTP Server Free and Pro version 1.1.0.7 Description: The issue allows remote authenticated users to execute arbitrary commands via a custom SITE command containing shell metacharacters, such as & ampersand, in the middle of an argument...
NULL FTP Server 1.1.0.7 - 'Site' Command Injection
vuln.sg Vulnerability Research Advisory NULL FTP Server SITE Parameters Command Injection Vulnerability by Tan Chew Keong Release Date: 2008-12-05 Summary A vulnerability has been found in NULL FTP Server. When exploited, this vulnerability allows an authenticated user to execute arbitrary shell...
Debian Security Advisory DSA 1006-1 (wzdftpd)
The remote host is missing an update to wzdftpd announced via advisory DSA 1006-1. kcope discovered that the wzdftpd FTP server lacks input sanitising for the SITE command, which may lead to the execution of arbitrary shell commands. The old stable distribution woody does not contain wzdftpd...
Gene6 FTP Server本地权限提升漏洞
Gene6 FTP Server是一款非常流行的Microsoft Windows平台的FTP Server。 默认安装后,本地的非特权用户可以修改Gene6 FTP Server的设置,例如添加新的SITE命令。由于Gene6 FTP Server是以SYSTEM权限运行的,因此攻击者可以轻易的提升权限。 Gene6 G6 FTP Server http://marc.theaimsgroup.com 1. 以非特权用户的身份登陆。 2. 打开Gene6 FTP Server控制台,添加FTP用户帐号,如“test” 3. 对FTP...
WzdFTPD 0.5.4 - SITE Remote Command Execution (Metasploit)
WzdFTPD 0.5.4 - SITE Remote Command Execution Metasploit Reference: http://www.milw0rm.com/id.php?id=1231 https://www.exploit-db.com/exploits/1231/ kcope /str0ke Metasploit plugin for: Wzdftpd SITE Command Arbitrary Command Execution 2005 11 26 - David Maciejak package Msf::Exploit::wzdftpdsite;...
CVE-2005-3081
CVE-2005-3081 - wzdftpd allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the SITE command due to missing input sanitising in wzdftpd. Public advisories note this as a remote command execution vulnerability. Debian/DSA-1006-1 fixes the issue in the ...
CVE-2005-1480
Directory traversal vulnerability in RaidenFTPD before 2.4.2241 allows remote attackers to read arbitrary files via a "..\" dot dot backslash in the urlget site command...
CVE-2005-0690
CVE-2005-0690 affects Gene6 FTP Server. The issue arises from improper restriction of access to the control console, enabling local users to modify server configuration and gain privileges (demonstrated via SITE command). Exploitation details, affected versions, and fixes are not provided in the ...
PT-2004-2784 · Ipswitch · Ipswitch Ws Ftp Server
Name of the Vulnerable Software and Affected Versions: Ipswitch WS FTP Server version 4.0.2 Description: The issue allows remote authenticated users to execute arbitrary programs as SYSTEM. This is achieved by using the SITE command to modify certain iFtpSvc options handled by iftpmgr.exe...
OpenFTP format string bug
Format string bug in SITE msg send command...
CVE-2001-0770
Buffer overflow in GuildFTPd Server 0.97 allows remote attacker to execute arbitrary code via a long SITE command...