Lucene search
K
CoreftpCore Ftp

18 matches found

CVE
CVE
added 2022/01/08 10:30 p.m.197 views

CVE-2022-22836

CVE-2022-22836 affects CoreFTP Server prior to 727. An authenticated attacker can exploit directory traversal by sending an HTTP PUT request containing "../" to create files outside the intended directory. The known impact is directory traversal for file creation, with affected versions reported ...

6.5CVSS6.4AI score0.05369EPSS
CVE
CVE
added 2019/03/22 7:2 p.m.117 views

CVE-2019-9649

CVE-2019-9649 concerns Core FTP Server (FTP/SFTP) v2 build 674 and earlier. A directory-traversal flaw in the MDTM FTP command allows a remote attacker to use a ....\ sequence to navigate outside the root directory and determine whether a file exists and its last-modified date. Affected component...

5.3CVSS5.1AI score0.14535EPSS
Web
CVE
CVE
added 2022/02/17 12:51 p.m.113 views

CVE-2022-22899

Core FTP / SFTP Server v2 Build 725 is affected by a buffer error in the SSH service that allows unauthenticated attackers to cause a Denial of Service via a crafted SSH packet. Documented impact is DoS; attack path is network-based, with no authentication required. Remediation guidance across so...

5.5CVSS5.5AI score0.01028EPSS
CVE
CVE
added 2019/03/22 6:49 p.m.101 views

CVE-2019-9648

CVE-2019-9648 affects Core FTP Server FTP/SFTP Server v2 build 674 and earlier. A directory traversal flaw exists in the SIZE command when used with a “....” sequence, allowing an attacker to infer file existence by the server’s response. Public references (Exploit-DB, Metasploit) document this t...

5.3CVSS5.1AI score0.1433EPSS
Web
CVE
CVE
added 2021/04/02 7:58 p.m.91 views

CVE-2020-21588

CVE-2020-21588 affects Core FTP LE v2.2. The issue is a buffer overflow in the Setup->Users->Username editbox that allows a local attacker to cause a denial of service (crash) by supplying a long string. The vulnerability is documented across multiple sources (NVD, Red Hat, CVE lists, CNNVD...

5.5CVSS5.5AI score0.00251EPSS
CVE
CVE
added 2014/05/02 1:0 a.m.60 views

CVE-2014-1441

CVE-2014-1441 affects Core FTP Server 1.2 prior to build 515. A remote attacker can trigger a denial-of-service by sending a malformed AUTH SSL command, with the condition demonstrated by pressing Enter twice, causing a reachable assertion and server crash. Mitigation is to upgrade to Core FTP Se...

4.3CVSS6.9AI score0.01948EPSS
CVE
CVE
added 2018/07/05 8:0 p.m.60 views

CVE-2018-12113

CVE-2018-12113 affects Core FTP LE 2.2 Build 1921. A buffer overflow in handling PASV responses may allow DoS or remote code execution. Multiple post-publication sources (PoC exploits and discussions) confirm the vulnerability; exploitation details exist in PoC materials. No patch/version remedia...

9.8CVSS9.9AI score0.06954EPSS
CVE
CVE
added 2014/05/02 1:0 a.m.59 views

CVE-2014-1442

Core FTP Server 1.2 before build 515 is vulnerable to a Directory Traversal via the XCRC command. The flaw allows remote authenticated users to determine the existence of arbitrary files using a /../ sequence. Affected software: Core FTP Server (version 1.2 prior to build 515). Root cause: improp...

4CVSS6.5AI score0.02373EPSS
CVE
CVE
added 2014/06/25 8:0 p.m.53 views

CVE-2014-4643

CVE-2014-4643 affects Core FTP LE 2.2 build 1798 (client). Multiple heap-based buffer overflows triggered by overly long server replies to the FTP commands (USER, PASS, PASV, SYST, PWD, CDUP) can cause a denial of service and potentially allow arbitrary code execution. Public PoC/exploits exist (...

5CVSS8.1AI score0.08755EPSS
CVE
CVE
added 2014/05/02 1:0 a.m.50 views

CVE-2014-1443

CVE-2014-1443 affects Core FTP Server 1.2 before build 515. Remote authenticated users can disclose the password of the previously logged-on user by sending a specially crafted USER command (length-specifically crafted string), likely due to an out-of-bounds/read-path issue. The impact is informa...

4CVSS6.1AI score0.0177EPSS
CVE
CVE
added 2021/04/05 8:37 p.m.50 views

CVE-2020-19595

CVE-2020-19595 affects Core FTP Server v2 Build 697; a buffer overflow is triggered by a crafted username. The vulnerability is documented with CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (base score 7.5) and CVSS v2: base score 5.0 (MEDIUM). Exploitation details are not provided beyond the cr...

7.5CVSS7.5AI score0.01103EPSS
CVE
CVE
added 2009/09/30 3:0 p.m.49 views

CVE-2009-3484

CVE-2009-3484 concerns Core FTP 2.1 build 1612, where a stack-based buffer overflow is triggered by a long hostname in an FTP server entry within a site backup file. This user‑assisted vulnerability could allow an attacker to execute arbitrary code on the affected system. The description explicit...

9.3CVSS7.9AI score0.05638EPSS
CVE
CVE
added 2019/01/02 3:0 p.m.49 views

CVE-2018-20658

CVE-2018-20658 affects Core FTP 2.0 build 653 on 32-bit platforms. The vulnerability allows remote attackers to cause a denial of service (daemon crash) by sending a crafted XRMD command. The Red Hat, CNVD, CNVD-like records corroborate the same description, confirming a DoS outcome but do not pr...

7.5CVSS7.2AI score0.08493EPSS
CVE
CVE
added 2014/04/04 2:0 p.m.48 views

CVE-2013-3930

CVE-2013-3930 affects Core FTP before 2.2 build 1785. A stack-based buffer overflow allows a remote FTP server to execute arbitrary code by sending a crafted directory name in a CWD command reply; exploitation is possible remotely and does not require user interaction. Remediation per sources is ...

9.3CVSS8.2AI score0.0302EPSS
CVE
CVE
added 2018/03/20 9:0 p.m.42 views

CVE-2014-1215

Core FTP Server is affected (versions prior to 1.2 build 508). The vulnerability consists of multiple buffer overflows that occur when reading data from config.dat and the Windows Registry, caused by insufficient boundary checks. A local attacker can exploit these overflows to gain privileges on ...

7.8CVSS7.5AI score0.00373EPSS
CVE
CVE
added 2021/04/05 8:33 p.m.42 views

CVE-2020-19596

CVE-2020-19596 : A buffer overflow vulnerability exists in Core FTP Server v1.2 Build 583, exploitable via a crafted username. Affected component is the server’s input handling for usernames, leading to memory corruption. NVD data lists a high-severity impact (C/P/I/A affected; network attack vec...

9.8CVSS9.3AI score0.01289EPSS
CVE
CVE
added 2026/03/30 11:2 a.m.9 views

CVE-2019-25654

CVE-2019-25654 affects Core FTP/SFTP Server 1.2. The vulnerability is a buffer overflow in the domain field under User configuration, allowing a crafted 7000-byte payload to crash the service and cause denial of service (availability impact). Public metrics list CVSS v3.1 base score 7.5 (HIGH) wi...

8.7CVSS6.1AI score0.00691EPSS
CVE
CVE
added 2026/04/05 8:45 p.m.8 views

CVE-2019-25686

Core FTP 2.0 build 653 is affected by an unauthenticated denial-of-service in the PBSZ command. A malformed PBSZ payload exceeding 211 bytes can trigger an access violation and crash the FTP server process. No remediation or fix version is provided in the supplied documents.

8.7CVSS5.9AI score0.00466EPSS