17 matches found
EUVD-2006-1179
Malware in sbrugna...
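FreeSSHd freeSSHd.exe Remote Authentication Bypass Vulnerability
BUGTRAQ ID: 56785 CVECAN ID: CVE-2012-6066 freeSSHd is an open-source SSH and SFTP server. freeFTPd and its built-in SFTP server have an authentication bypass vulnerability: opening an SSH channel before providing credentials bypasses authentication. A remote unauthenticated attacker can exploit this vulnerability to log in without providing any credentials; after logging in, uploading a specially crafted file allows arbitrary code execution with system privileges. 0 freeSSHd 1.2.6 Vendor patch: freeSSHd -------- The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: http://freesshd.com/ FreeSSHD al...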
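FreeFTPD 'SFTP' Authentication Mechanism Bypass Vulnerability
BUGTRAQ ID: 56782 FreeFTPd is a free FTP+SSL/SFTP server based on the WeOnlyDo FTP/SFTP implementation. The SFTP authentication mechanism in FreeFTPD 1.0.11 and other versions contains an error that can be exploited to bypass the authentication process and execute arbitrary code with the privileges of the service. 0 freeFTPd 1.x Workaround: If you cannot install a patch or upgrade immediately, we recommend taking the following measures to reduce the threat: Stop using freeFTPd. Vendor patch: freeFTPd -------- The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: http://freeftpd.com/...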
FreeSSHD Remote Authentication Bypass Zeroday Exploit
Exploit for windows platform in category remote exploits FreeSSHD all version Remote Authentication Bypass ZERODAY Discovered & Exploited by Kingcope Year 2011 http://www.exploit-db.com/sploits/23080.zip Run like: ssh.exe -l valid username might be: root admin administrator webadmin sysadmin...
freeSSHd 2.1.3 - Remote Authentication Bypass
freeSSHd 2.1.3 - Remote Authentication Bypass FreeSSHD all version Remote Authentication Bypass ZERODAY Discovered & Exploited by Kingcope Year 2011 Exploit-DB Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/23080.zip Run like: ssh.exe -l valid username...
CVE-2006-1175
The WeOnlyDo! SFTP wodSFTP ActiveX control is marked as safe for scripting, which allows remote attackers to read and write files in arbitrary locations by accessing the control from a web page...
CVE-2006-1175
The wodSFTP ActiveX control from WeOnlyDo! is marked as safe for scripting, enabling a remote attacker to read and write files on the local system via a crafted web page or HTML email. Affected component: wodSFTP ActiveX control used by Windows applications; root cause: unsafe exposure of file op...
CVE-2006-1175
The WeOnlyDo! SFTP wodSFTP ActiveX control is marked as safe for scripting, which allows remote attackers to read and write files in arbitrary locations by accessing the control from a web page...
WeOnlyDo! SFTP ActiveX control fails to properly restrict access to methods
Overview The WeOnlyDo! SFTP ActiveX control is incorrectly marked safe for scripting. This may allow a remote unauthenticated attacker to upload arbitrary files from a vulnerable system to an SFTP server or download arbitrary files from an SFTP server to a vulnerable system. Description...
WeOnlyDo! Software wodSSHServer ActiveX component fails to properly validate key exchange algorithm strings
Overview The WeOnlyDo! Software wodSSHServer ActiveX component fails to properly validate the length of key exchange algorithm strings. This may allow a remote, unauthenticated attacker to execute arbitrary code. Description wodSSHServerActiveX component According to the wodSSHServer ActiveX...
FreeSSHd key exchange buffer overflow
Added: 05/17/2006 CVE: CVE-2006-2407 BID: 17958 OSVDB: 25463 Background freeSSHd is a free SSH server based on WeOnlyDo wodSSHServer. Problem wodSSHServer and its derivatives, including freeSSHd, are affected by a buffer overflow vulnerability in the key exchange algorithm. A remote attacker can...
CVE-2006-2407
Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string...
Stack overflow
Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string...
CVE-2006-2407
The CVE-2006-2407 issue is a stack-based buffer overflow in FreeSSHd (including 1.0.9 and 1.3.3 DEMO) when processing a long key exchange algorithm string, enabling remote code execution. It also affects derivative products (FreeSSHd-based demos and FreeFTPd 1.0.10 as used in other packages). Pub...
CVE-2006-2407
Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string...
CVE-2004-1118
Buffer overflow in the WodFtpDLX.ocx WeOnlyDo! ActiveX component before 2.3.2.97, as used by CoffeeCup Direct FTP 6.2.0.62 and CoffeeCup Free FTP 3.0.0.10, and possibly other applications, allows remote attackers to execute arbitrary code via a long filename...
WeOnlyDo!/CoffeeCup FTP buffer overflow
Buffer overflow during server reply parsing...