75 matches found

Tenable Nessus
added 2011/03/17 12:0 a.m. · 74 views

vsftpd vsf_filename_passes_filter Function Denial of Service

According to its self-reported version number, the instance of vsftpd listening on the remote server is earlier than 2.3.3 and, as such, may be affected by a denial of service vulnerability. An error exists in the function 'vsf_filename_passes_filter' in 'ls.c' that allows resource intensive glob...

4 CVSS · 6.4 AI score · 0.16698 EPSS
Exploits 9 · References 4

myhack58
added 2009/09/26 12:0 a.m. · 23 views

WS_FTP FTPD "STAT" command overflow parsing-vulnerability warning-the black bar safety net

The following analysis is based on the WS_FTP Server 4.0.1. EVAL 4 7 1 5 6 3 1 4 version, only the analysis of the "STAT" command overflow. In fact, WS_FTP in processing STAT command, many places are length of the judgment, however, there is a place he has been missed, Well, our chance came.:...

7.7 AI score
Exploits 0

Cvelist
added 2007/10/14 8:0 p.m. · 20 views

CVE-2002-2245

ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a digit in response to a STAT command for a filename that contains a carriage return followed by a digit, which can cause firewalls and other intermediary devices to lose proper track of the FTP session...

6.7 AI score · 0.00333 EPSS
Exploits 0 · References 1

CVE
added 2007/10/14 8:0 p.m. · 53 views

CVE-2002-2245

NetBSD ftpd is affected on versions 1.5 through 1.5.3 and 1.6. The issue arises because the FTP server does not properly quote a digit in the response to a STAT command for a filename containing a carriage return followed by a digit, which can cause firewalls and other intermediary devices to los...

5 CVSS · 7.1 AI score · 0.00333 EPSS
Exploits 0 · References 1 · Affected Software 1

NVD
added 2006/02/15 11:6 a.m. · 11 views

CVE-2006-0705

Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH...

6.5 CVSS · 7.1 AI score · 0.0537 EPSS
Exploits 0 · References 15

Prion
added 2006/02/15 11:6 a.m. · 21 views

Format string

Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH...

6.5 CVSS · 7.3 AI score · 0.0537 EPSS
Exploits 0 · References 15 · Affected Software 2

CVE
added 2006/02/15 11:0 a.m. · 60 views

CVE-2006-0705

CVE-2006-0705 is a format-string vulnerability in SFTP/SSH logging code across multiple servers (e.g., SSH Secure Shell Server variants, and related SFTP servers). The flaw affects the handling of filenames in logs, enabling a remote authenticated user to potentially execute arbitrary commands vi...

6.5 CVSS · 7 AI score · 0.0537 EPSS
Exploits 0 · References 15 · Affected Software 2

OpenVAS
added 2005/11/03 12:0 a.m. · 24 views

HP-UX ftpd glob() Expansion STAT Buffer Overflow

Buffer overflow in FTP server in HPUX 11 and previous allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings. OpenVAS Vulnerability Test $Id: hpftpglobstat.nasl 6522 2017-07-04 15:22:28Z cfischer $...

10 CVSS · 1.3 AI score · 0.05322 EPSS
Exploits 1

OpenVAS
added 2005/11/03 12:0 a.m. · 30 views

HP-UX ftpd glob() Expansion STAT Buffer Overflow

Buffer overflow in FTP server in HPUX 11 and previous allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings. SPDX-FileCopyrightText: 2003 Xue Yong Zhi Some text descriptions might be excerpted from ...

10 CVSS · 10 AI score · 0.05322 EPSS
Exploits 1 · References 1

NVD
added 2005/04/27 4:0 a.m. · 22 views

CVE-2005-0419

Multiple heap-based buffer overflows in 3Com 3CServer allow remote authenticated users to execute arbitrary code via long FTP commands, as demonstrated using the STAT command...

7.5 CVSS · 7.5 AI score · 0.12069 EPSS
Exploits 0 · References 2

NVD
added 2004/12/31 5:0 a.m. · 10 views

CVE-2004-1883

Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow remote authenticated users to execute arbitrary code by causing a large error string to be generated by the ALLO handler, or (2) may allow remote FTP administrators to execute arbitrary code by causing a long hostname or username to b...

7.2 CVSS · 7.5 AI score · 0.02214 EPSS
Exploits 0 · References 5

Positive Technologies
added 2004/12/31 12:0 a.m. · 2 views

PT-2004-2782 · Ipswitch · Ipswitch Ws Ftp Server

Name of the Vulnerable Software and Affected Versions: Ipswitch WS FTP Server version 4.0.2 Description: The issue involves multiple buffer overflows that allow remote authenticated users to execute arbitrary code. This can be achieved by causing a large error string to be generated by the ALLO...

7.2 CVSS · 7.4 AI score · 0.02214 EPSS
Exploits 0 · References 8

Tenable Nessus
added 2004/08/31 12:0 a.m. · 21 views

WS_FTP Server STAT Command Remote Overflow

According to its banner, the version of WS_FTP running on the remote host has a buffer overflow vulnerability. Sending a 'STAT' command followed by a very long argument results in a buffer overflow. A remote attacker could exploit this to execute arbitrary code. (C) Tenable Network Security, Inc...

6.5 AI score
Exploits 0

Tenable Nessus
added 2004/08/20 12:0 a.m. · 10 views

HP-UX ftpd glob() Expansion STAT Command Remote Overflow

Binary data 1819.prm...

10 CVSS · 7.3 AI score · 0.05322 EPSS
Exploits 1 · References 2

CERT
added 2003/09/22 12:0 a.m. · 22 views

WS_FTP Server vulnerable to buffer overflow when supplied overly long "STAT" command

Overview: It has been reported that a vulnerability exists in the processing of a "STAT" command on WS_FTP Servers versions 4.x and prior. Exploitation of this vulnerability may lead to an authenticated user executing arbitrary code with the elevated privileges of the server process. Description...

8 AI score
Exploits 0 · References 2

exploitpack
added 2003/09/04 12:0 a.m. · 25 views

Ipswitch WS_FTP Server 3.44.0 - FTP Command Buffer Overrun

Ipswitch WS_FTP Server 3.44.0 - FTP Command Buffer Overrun // source: https://www.securityfocus.com/bid/8542/info Ipswitch WS_FTP Server is reported to be prone to buffer overruns when handling data supplied to the APPE and STAT FTP commands. An FTP user who supplies excessive input to these comman...

0.6 AI score
Exploits 0

NVD
added 2002/12/31 5:0 a.m. · 16 views

CVE-2002-2245

ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a digit in response to a STAT command for a filename that contains a carriage return followed by a digit, which can cause firewalls and other intermediary devices to lose proper track of the FTP session...

5 CVSS · 6.7 AI score · 0.00333 EPSS
Exploits 0 · References 1

securityvulns
added 2002/04/17 12:0 a.m. · 23 views

Microsoft FTP Service STAT Globbing DoS

A copy of this document can be found online at: http://www.digitaloffense.net/msftpd/advisory.txt Microsoft FTP Service STAT Globbing DoS Summary: The Microsoft FTP service is vulnerable to a Denial...

7.4 AI score
Exploits 0

securityvulns
added 2001/11/05 12:0 a.m. · 30 views

def-2001-31

Defcom Labs Advisory def-2001-31 WS_FTP server 2.0.3 Buffer Overflow Author: Andreas Junestam Co-Author: Janne Sarendal Release Date: 2001-10-05...

0.7 AI score
Exploits 0

exploitpack
added 2001/11/05 12:0 a.m. · 18 views

Ipswitch WS_FTP Server 1.0.x/2.0.x - STAT Remote Buffer Overflow

Ipswitch WS_FTP Server 1.0.x/2.0.x - STAT Remote Buffer Overflow source: https://www.securityfocus.com/bid/3507/info WS_FTP Server, a popular FTP server for Microsoft Windows platforms, is vulnerable to a buffer overflow condition when a user submits a specially crafted legitimate FTP command. WS_FTP...

0.6 AI score
Exploits 0