18 matches found
CVE-2022-22836
CVE-2022-22836 affects CoreFTP Server prior to 727. An authenticated attacker can exploit directory traversal by sending an HTTP PUT request containing "../" to create files outside the intended directory. The known impact is directory traversal for file creation, with affected versions reported ...
CVE-2019-9649
CVE-2019-9649 concerns Core FTP Server (FTP/SFTP) v2 build 674 and earlier. A directory-traversal flaw in the MDTM FTP command allows a remote attacker to use a ....\ sequence to navigate outside the root directory and determine whether a file exists and its last-modified date. Affected component...
CVE-2022-22899
Core FTP / SFTP Server v2 Build 725 is affected by a buffer error in the SSH service that allows unauthenticated attackers to cause a Denial of Service via a crafted SSH packet. Documented impact is DoS; attack path is network-based, with no authentication required. Remediation guidance across so...
CVE-2019-9648
CVE-2019-9648 affects Core FTP Server FTP/SFTP Server v2 build 674 and earlier. A directory traversal flaw exists in the SIZE command when used with a “....” sequence, allowing an attacker to infer file existence by the server’s response. Public references (Exploit-DB, Metasploit) document this t...
CVE-2020-21588
CVE-2020-21588 affects Core FTP LE v2.2. The issue is a buffer overflow in the Setup->Users->Username editbox that allows a local attacker to cause a denial of service (crash) by supplying a long string. The vulnerability is documented across multiple sources (NVD, Red Hat, CVE lists, CNNVD...
CVE-2014-1441
CVE-2014-1441 affects Core FTP Server 1.2 prior to build 515. A remote attacker can trigger a denial-of-service by sending a malformed AUTH SSL command, with the condition demonstrated by pressing Enter twice, causing a reachable assertion and server crash. Mitigation is to upgrade to Core FTP Se...
CVE-2018-12113
CVE-2018-12113 affects Core FTP LE 2.2 Build 1921. A buffer overflow in handling PASV responses may allow DoS or remote code execution. Multiple post-publication sources (PoC exploits and discussions) confirm the vulnerability; exploitation details exist in PoC materials. No patch/version remedia...
CVE-2014-1442
Core FTP Server 1.2 before build 515 is vulnerable to a Directory Traversal via the XCRC command. The flaw allows remote authenticated users to determine the existence of arbitrary files using a /../ sequence. Affected software: Core FTP Server (version 1.2 prior to build 515). Root cause: improp...
CVE-2014-4643
CVE-2014-4643 affects Core FTP LE 2.2 build 1798 (client). Multiple heap-based buffer overflows triggered by overly long server replies to the FTP commands (USER, PASS, PASV, SYST, PWD, CDUP) can cause a denial of service and potentially allow arbitrary code execution. Public PoC/exploits exist (...
CVE-2009-3484
CVE-2009-3484 concerns Core FTP 2.1 build 1612, where a stack-based buffer overflow is triggered by a long hostname in an FTP server entry within a site backup file. This user‑assisted vulnerability could allow an attacker to execute arbitrary code on the affected system. The description explicit...
CVE-2014-1443
CVE-2014-1443 affects Core FTP Server 1.2 before build 515. Remote authenticated users can disclose the password of the previously logged-on user by sending a specially crafted USER command (length-specifically crafted string), likely due to an out-of-bounds/read-path issue. The impact is informa...
CVE-2020-19595
CVE-2020-19595 affects Core FTP Server v2 Build 697; a buffer overflow is triggered by a crafted username. The vulnerability is documented with CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (base score 7.5) and CVSS v2: base score 5.0 (MEDIUM). Exploitation details are not provided beyond the cr...
CVE-2018-20658
CVE-2018-20658 affects Core FTP 2.0 build 653 on 32-bit platforms. The vulnerability allows remote attackers to cause a denial of service (daemon crash) by sending a crafted XRMD command. The Red Hat, CNVD, CNVD-like records corroborate the same description, confirming a DoS outcome but do not pr...
CVE-2013-3930
CVE-2013-3930 affects Core FTP before 2.2 build 1785. A stack-based buffer overflow allows a remote FTP server to execute arbitrary code by sending a crafted directory name in a CWD command reply; exploitation is possible remotely and does not require user interaction. Remediation per sources is ...
CVE-2014-1215
Core FTP Server is affected (versions prior to 1.2 build 508). The vulnerability consists of multiple buffer overflows that occur when reading data from config.dat and the Windows Registry, caused by insufficient boundary checks. A local attacker can exploit these overflows to gain privileges on ...
CVE-2020-19596
CVE-2020-19596 : A buffer overflow vulnerability exists in Core FTP Server v1.2 Build 583, exploitable via a crafted username. Affected component is the server’s input handling for usernames, leading to memory corruption. NVD data lists a high-severity impact (C/P/I/A affected; network attack vec...
CVE-2019-25654
CVE-2019-25654 affects Core FTP/SFTP Server 1.2. The vulnerability is a buffer overflow in the domain field under User configuration, allowing a crafted 7000-byte payload to crash the service and cause denial of service (availability impact). Public metrics list CVSS v3.1 base score 7.5 (HIGH) wi...
CVE-2019-25686
Core FTP 2.0 build 653 is affected by an unauthenticated denial-of-service in the PBSZ command. A malformed PBSZ payload exceeding 211 bytes can trigger an access violation and crash the FTP server process. No remediation or fix version is provided in the supplied documents.