Lucene search
+L

110 matches found

NVD
NVD
added 2010/04/22 2:30 p.m.13 views

CVE-2009-4795

Multiple SQL injection vulnerabilities in Xlight FTP Server before 3.2.1, when ODBC authentication is enabled, allow remote attackers to execute arbitrary SQL commands via the 1 USER aka username or 2 PASS aka password command...

6.8CVSS8.7AI score0.02027EPSS
Exploits1References5
Prion
Prion
added 2010/04/22 2:30 p.m.17 views

Sql injection

Multiple SQL injection vulnerabilities in Xlight FTP Server before 3.2.1, when ODBC authentication is enabled, allow remote attackers to execute arbitrary SQL commands via the 1 USER aka username or 2 PASS aka password command...

6.8CVSS9.4AI score0.02027EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2010/04/22 2:0 p.m.50 views

CVE-2009-4795

CVE-2009-4795 : In Xlight FTP Server prior to 3.2.1, when ODBC authentication is enabled, remote attackers can trigger SQL injection through the USER (username) or PASS (password) commands. The underlying issue is the server processing user-supplied credentials in SQL without proper validation, a...

6.8CVSS8.9AI score0.02027EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2010/04/22 2:0 p.m.18 views

CVE-2009-4795

Multiple SQL injection vulnerabilities in Xlight FTP Server before 3.2.1, when ODBC authentication is enabled, allow remote attackers to execute arbitrary SQL commands via the 1 USER aka username or 2 PASS aka password command...

8.7AI score0.02027EPSS
Exploits1References5
seebug.org
seebug.org
added 2009/04/01 12:0 a.m.43 views

Xlight FTP Server user参数SQL注入漏洞

BUGTRAQ ID: 34288 Xlight FTP Server是Windows平台下的一款高性能FTP服务器软件。 在执行ODBC认证过程中Xlight FTP Server没有正确地过滤用户所提交的用户名和口令字段,远程攻击者可以用“OR '1'='1' ;”替换用户名绕过认证登录到服务器。 XLight FTP Server XLight FTP Server 3.2.1 厂商补丁: XLight FTP Server ----------------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2009/03/31 12:0 a.m.12 views

Xlight FTP Server Authentication SQL Injection

Binary data 4981.prm...

6.8CVSS7.3AI score0.02027EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2009/03/31 12:0 a.m.36 views

Xlight FTP Server Authentication SQL Injection

The version of Xlight FTP installed on the remote host is vulnerable to a SQL injection attack during login. This allows an attacker to execute arbitrary SQL commands in the context of the FTP server. Installations that are not using external ODBC authentication are not affected by this...

6.8CVSS5.9AI score0.02027EPSS
Exploits1References2
exploitpack
exploitpack
added 2009/03/19 12:0 a.m.7 views

Xlight FTP Server 3.2 - user SQL Injection

Xlight FTP Server 3.2 - user SQL Injection source: https://www.securityfocus.com/bid/34288/info Xlight FTP Server is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker ...

Exploits0
Exploit DB
Exploit DB
added 2009/03/19 12:0 a.m.33 views

Xlight FTP Server 3.2 - 'user' SQL Injection

source: https://www.securityfocus.com/bid/34288/info Xlight FTP Server is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or...

7.4AI score
Exploits0
NVD
NVD
added 2008/02/06 12:0 p.m.16 views

CVE-2008-0604

The LDAP authentication feature in XLight FTP Server before 2.83, when used with some unspecified LDAP servers, does not check for blank passwords, which allows remote attackers to bypass intended access restrictions...

6.8CVSS7AI score0.01294EPSS
Exploits0References3
Prion
Prion
added 2008/02/06 12:0 p.m.17 views

Authentication flaw

The LDAP authentication feature in XLight FTP Server before 2.83, when used with some unspecified LDAP servers, does not check for blank passwords, which allows remote attackers to bypass intended access restrictions...

6.8CVSS7.5AI score0.01294EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2008/02/06 11:0 a.m.35 views

CVE-2008-0604

The CVE concerns XLight FTP Server (before 2.83). The LDAP authentication feature does not validate blank passwords when used with certain LDAP servers, allowing remote bypass of access restrictions. Affected: XLight FTP Server versions prior to 2.83 using LDAP auth. Impact: potential unauthorize...

6.8CVSS7AI score0.01294EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2008/02/06 11:0 a.m.25 views

CVE-2008-0604

The LDAP authentication feature in XLight FTP Server before 2.83, when used with some unspecified LDAP servers, does not check for blank passwords, which allows remote attackers to bypass intended access restrictions...

7AI score0.01294EPSS
Exploits0References3
NVD
NVD
added 2004/11/23 5:0 a.m.20 views

CVE-2004-0287

Xlight FTP server 1.52 allows remote authenticated users to cause a denial of service crash via a RETR command with a long argument containing a large number of / slash characters, possibly triggering a buffer overflow...

5CVSS6.7AI score0.07325EPSS
Exploits0References3
NVD
NVD
added 2004/11/23 5:0 a.m.21 views

CVE-2004-0255

Xlight 1.52, with log to screen enabled, allows remote attackers to cause a denial of service by requesting a long directory consisting of . dot and / slash characters, which causes the server to crash when the administrator views the log file, possibly triggering a buffer overflow...

5CVSS7AI score0.07379EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2004/08/20 12:0 a.m.21 views

Xlight FTP Server < 1.53 RETR Command Remote Overflow

Binary data 1166.prm...

5CVSS7.3AI score0.07379EPSS
Exploits1References4
CVE
CVE
added 2004/03/18 5:0 a.m.51 views

CVE-2004-0287

Xlight FTP Server 1.52 is vulnerable to a remote denial-of-service via a RETR command with an excessively long argument containing many slash characters, which may trigger a buffer overflow and crash the service. The issue requires authenticated access and affects the server version 1.52 (as cite...

5CVSS6.7AI score0.07325EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2004/03/18 5:0 a.m.37 views

CVE-2004-0255

CVE-2004-0255 affects Xlight FTP Server (example given: v1.52 with log-to-screen enabled). The vulnerability allows remote attackers to cause a denial of service by requesting a long directory consisting of '.' and '/' characters, which crashes the server when an administrator views the log file ...

5CVSS7AI score0.07379EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2004/03/18 5:0 a.m.28 views

CVE-2004-0255

Xlight 1.52, with log to screen enabled, allows remote attackers to cause a denial of service by requesting a long directory consisting of . dot and / slash characters, which causes the server to crash when the administrator views the log file, possibly triggering a buffer overflow...

7AI score0.07379EPSS
Exploits1References3
Cvelist
Cvelist
added 2004/03/18 5:0 a.m.16 views

CVE-2004-0287

Xlight FTP server 1.52 allows remote authenticated users to cause a denial of service crash via a RETR command with a long argument containing a large number of / slash characters, possibly triggering a buffer overflow...

6.6AI score0.07325EPSS
Exploits0References3
Rows per page
Query Builder