110 matches found
CVE-2009-4795
Multiple SQL injection vulnerabilities in Xlight FTP Server before 3.2.1, when ODBC authentication is enabled, allow remote attackers to execute arbitrary SQL commands via the 1 USER aka username or 2 PASS aka password command...
Sql injection
Multiple SQL injection vulnerabilities in Xlight FTP Server before 3.2.1, when ODBC authentication is enabled, allow remote attackers to execute arbitrary SQL commands via the 1 USER aka username or 2 PASS aka password command...
CVE-2009-4795
CVE-2009-4795 : In Xlight FTP Server prior to 3.2.1, when ODBC authentication is enabled, remote attackers can trigger SQL injection through the USER (username) or PASS (password) commands. The underlying issue is the server processing user-supplied credentials in SQL without proper validation, a...
CVE-2009-4795
Multiple SQL injection vulnerabilities in Xlight FTP Server before 3.2.1, when ODBC authentication is enabled, allow remote attackers to execute arbitrary SQL commands via the 1 USER aka username or 2 PASS aka password command...
Xlight FTP Server user参数SQL注入漏洞
BUGTRAQ ID: 34288 Xlight FTP Server是Windows平台下的一款高性能FTP服务器软件。 在执行ODBC认证过程中Xlight FTP Server没有正确地过滤用户所提交的用户名和口令字段,远程攻击者可以用“OR '1'='1' ;”替换用户名绕过认证登录到服务器。 XLight FTP Server XLight FTP Server 3.2.1 厂商补丁: XLight FTP Server ----------------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Xlight FTP Server Authentication SQL Injection
Binary data 4981.prm...
Xlight FTP Server Authentication SQL Injection
The version of Xlight FTP installed on the remote host is vulnerable to a SQL injection attack during login. This allows an attacker to execute arbitrary SQL commands in the context of the FTP server. Installations that are not using external ODBC authentication are not affected by this...
Xlight FTP Server 3.2 - user SQL Injection
Xlight FTP Server 3.2 - user SQL Injection source: https://www.securityfocus.com/bid/34288/info Xlight FTP Server is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker ...
Xlight FTP Server 3.2 - 'user' SQL Injection
source: https://www.securityfocus.com/bid/34288/info Xlight FTP Server is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or...
CVE-2008-0604
The LDAP authentication feature in XLight FTP Server before 2.83, when used with some unspecified LDAP servers, does not check for blank passwords, which allows remote attackers to bypass intended access restrictions...
Authentication flaw
The LDAP authentication feature in XLight FTP Server before 2.83, when used with some unspecified LDAP servers, does not check for blank passwords, which allows remote attackers to bypass intended access restrictions...
CVE-2008-0604
The CVE concerns XLight FTP Server (before 2.83). The LDAP authentication feature does not validate blank passwords when used with certain LDAP servers, allowing remote bypass of access restrictions. Affected: XLight FTP Server versions prior to 2.83 using LDAP auth. Impact: potential unauthorize...
CVE-2008-0604
The LDAP authentication feature in XLight FTP Server before 2.83, when used with some unspecified LDAP servers, does not check for blank passwords, which allows remote attackers to bypass intended access restrictions...
CVE-2004-0287
Xlight FTP server 1.52 allows remote authenticated users to cause a denial of service crash via a RETR command with a long argument containing a large number of / slash characters, possibly triggering a buffer overflow...
CVE-2004-0255
Xlight 1.52, with log to screen enabled, allows remote attackers to cause a denial of service by requesting a long directory consisting of . dot and / slash characters, which causes the server to crash when the administrator views the log file, possibly triggering a buffer overflow...
Xlight FTP Server < 1.53 RETR Command Remote Overflow
Binary data 1166.prm...
CVE-2004-0287
Xlight FTP Server 1.52 is vulnerable to a remote denial-of-service via a RETR command with an excessively long argument containing many slash characters, which may trigger a buffer overflow and crash the service. The issue requires authenticated access and affects the server version 1.52 (as cite...
CVE-2004-0255
CVE-2004-0255 affects Xlight FTP Server (example given: v1.52 with log-to-screen enabled). The vulnerability allows remote attackers to cause a denial of service by requesting a long directory consisting of '.' and '/' characters, which crashes the server when an administrator views the log file ...
CVE-2004-0255
Xlight 1.52, with log to screen enabled, allows remote attackers to cause a denial of service by requesting a long directory consisting of . dot and / slash characters, which causes the server to crash when the administrator views the log file, possibly triggering a buffer overflow...
CVE-2004-0287
Xlight FTP server 1.52 allows remote authenticated users to cause a denial of service crash via a RETR command with a long argument containing a large number of / slash characters, possibly triggering a buffer overflow...