EUVD-2020-26455

Malware in sbrugna...

CVE-2020-5221

In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in composeabspath. This has been fixed in versio...

CVE-2020-5204

In uftpd before 2.11, there is a buffer overflow vulnerability in handlePORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf with user input based on the format specifier string %d.%d.%d.%d. The 16 byte size is correct for valid IPv4 addresses...

uftpd Path Traversal Vulnerability

uftpd is a Linux-based FTP/TFTP file transfer server from the Swedish individual developer Joachim Nilsson. A path traversal vulnerability exists in uftpd FTP server versions 2.7 to 2.10, which stems from multiple unauthenticated directory traversal vulnerabilities in different FTP commands, due ...

uftpd Null Pointer Dereference Vulnerability

uftpd is a Linux FTP/TFTP server. A null pointer dereference vulnerability exists in uftpd versions prior to 2.12. The vulnerability stems from the failure of handleCWD in ftpcmd.c in uftpd to properly handle user-supplied paths. An attacker can cause a denial of service via the CWD /... command ...

uftpd Buffer Overflow Vulnerability

uftpd is a Linux-based FTP/TFTP file transfer server. A buffer overflow vulnerability exists in the 'handlePORT' function of the ftpcmd.c file in uftpd versions prior to 2.11. The vulnerability stems from a network system or product performing operations in memory without properly validating data...