7 matches found
CVE-2014-0160
CVE-2014-0160 (Heartbleed) is an information-disclosure vulnerability in OpenSSL’s TLS/DTLS heartbeat implementation. Affected: OpenSSL 1.0.1 before 1.0.1g. Root cause: improper handling of the Heartbeat extension (d1_both.c, t1_lib.c) leading to a buffer over-read, enabling an attacker to read m...
CVE-2014-0224
CVE-2014-0224 describes an OpenSSL ChangeCipherSpec (CCS) handling flaw that can enable a Man-in-the-Middle to force use of weak key material in TLS/SSL sessions, allowing traffic decryption or modification between vulnerable client and server. The initial OpenSSL disclosures specify affected ser...
CVE-2015-10003
FileZilla Server up to 0.9.50 is affected by CVE-2015-10003, with the issue localized in the PORT Handler component. The description indicates an unspecified manipulation yielding an unintended intermediary, and that the issue can be exploited remotely. Upgrading to version 0.9.51 is stated as th...
CVE-2009-0884
FileZilla Server
CVE-2006-6565
FileZilla Server is affected by CVE-2006-6565: prior to version 0.9.22, remote attackers can cause a denial-of-service (crash) by sending a wildcard argument to LIST or NLST commands, leading to a NULL pointer dereference. The issue is related to malformed PORT handling in some vectors; an upgrad...
CVE-2005-0850
Vulnerability summary (CVE-2005-0850): FileZilla FTP Server prior to 0.9.6 is susceptible to denial of service when a client requests a filename containing MS-DOS device names (e.g., CON, NUL, COM1, LPT1). The issue is confirmed in multiple security feeds, and related Nessus findings also describ...
CVE-2005-0851
CVE-2005-0851 affects the FileZilla FTP Server up to version 0.9.6. When using MODE Z (zlib compression), it can trigger a denial-of-service via certain file uploads or directory listings, causing an infinite loop. The vulnerability is associated with a NETWORK attack vector, with low complexity ...