13 matches found
CVE-2004-2675
ArGoSoft FTP Server vulnerable before 1.4.1.6. Remote authenticated users can crash the server by issuing SITE PASS with a long password, leading to database corruption. Affected: ArGoSoft FTP Server
CVE-2001-1043
The CVE-2001-1043 issue affects ArGoSoft FTP Server 1.2.2.2. A remote attacker can read arbitrary files and directories by uploading a .lnk link file that points to the target file, exploiting a file upload/link handling weakness. Root cause: improper handling of Windows .lnk files during file up...
CVE-2005-0696
CVE-2005-0696 refers to a heap-based buffer overflow in ArGoSoft FTP Server triggered by a DELE command with a very long argument (reported on versions including 1.4.2.8 and later 1.4.3.5). The vulnerability allows a remote authenticated user to potentially execute arbitrary code. The issue is de...
CVE-2004-2674
ArGoSoft FTP Server prior to 1.4.1.6 is affected by a directory traversal vulnerability that allows remote authenticated users to determine the existence of arbitrary files via .. sequences in the SITE UNZIP argument. The root cause is improper handling of path traversal in the SITE UNZIP command...
CVE-2005-0519
Summary: CVE-2005-0519 and CVE-2005-0520 affect ArGoSoft FTP Server prior to 1.4.2.8. The server allows remote attackers to read arbitrary files by abusing shortcut files (.LNK) during FTP operations using SITE UNZIP or SITE COPY, leading to a read (and potentially write) access to files on the s...
CVE-2005-0520
CVE-2005-0520 affects ArGoSoft FTP Server prior to version 1.4.2.8. The vulnerability arises from handling shortcut (.LNK) files in the SITE COPY command, enabling remote attackers to read arbitrary files on the server (confidentiality and integrity impacts reported as high). The connected Nessus...
CVE-2000-1194
The provided documents describe CVE-2000-1194 affecting Argosoft FRP server 1.0. An attacker can remotely cause a denial of service and potentially execute arbitrary commands by sending an excessively long string in the USER or CWD commands, indicating a likely input handling/buffer issue. The en...
CVE-2001-1142
The CVE-2001-1142 entry concerns ArGoSoft FTP Server 1.2.2.2, which uses weak password encryption. The underlying issue, as described in the connected sources, is that passwords stored in the password file are protected by weak encryption, enabling an attacker with access to that file to gain pri...
CVE-2004-1428
CVE-2004-1428 affects ArGoSoft FTP Server before 1.4.2.1. The authentication error message differs for nonexistent usernames, enabling remote attackers to enumerate valid usernames. This information disclosure can facilitate dictionary attacks against the remote host. A fix is available: upgrade ...
CVE-2004-2673
This CVE concerns ArGoSoft FTP Server prior to 1.4.1.6. The vulnerability consists of multiple buffer overflows triggered by long arguments in commands SITE ZIP (first or second argument) or SITE COPY, allowing a remote authenticated user to cause a denial of service and potentially execute arbit...
CVE-2004-2672
Affected product : ArGoSoft FTP Server prior to 1.4.2.2. Vulnerability : remote attacker can upload ".lnk" shortcut files, enabling arbitrary file manipulation due to an upload vulnerability. Impact : potential read and write access to files and directories on the FTP server. Root cause / vector ...
CVE-2006-2170
CVE-2006-2170 affects ArgoSoft FTP Server 1.4.3.6. A buffer overflow is triggered by Unicode in the RNTO command, allowing remote attackers to execute arbitrary code. Exploitation was demonstrated by the Infigo FTPStress Fuzzer. The CVSS base score is 6.4 (Medium) with network access, low attack ...
CVE-2004-1429
The CVE-2004-1429 entry applies to ArGoSoft FTP 1.4.2.4 and earlier, where there is no limit on password entry attempts. This disclosure indicates that remote attackers could perform brute-force password guesses against the FTP service, potentially compromising accounts. The connected records con...