FTP Server Security Vulnerabilities


CVE-2004-2523

Format string vulnerability in the msg command (cat_message function in msg.c) in OpenFTPD 0.30.2 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in the message...

7.4 AI Score

0.024 EPSS

2005-10-25 04:00 AM
25

CVE-2004-2488

Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated users to read or list arbitrary files via "C:" sequences in the (1) RETR (get), (2) NLST (ls), (3) LIST (ls), (4) RNFR, or (5) RNTO FTP...

6.7 AI Score

0.004 EPSS

2005-10-25 04:00 AM
16

CVE-2004-2487

Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated users to read or list arbitrary files via (1) "..", (2) "\.." (backslash dot dot), or (3) "/../" sequences in (a) RETR (get), (b) NLST (ls), (c) LIST (ls), (d) RNFR, or (e) RNTO FTP...

6.7 AI Score

0.009 EPSS

2005-10-25 04:00 AM
17

CVE-2005-3294

Typsoft FTP Server 1.11, with "Sub Directory Include" enabled, allows remote attackers to cause a denial of service (crash) by sending multiple RETR commands. NOTE: it was later reported that 1.10 is also...

6.4 AI Score

0.616 EPSS

2005-10-23 09:02 PM
22

CVE-2005-2726

Directory traversal vulnerability in Home Ftp Server 1.0.7 allows remote authenticated users to read arbitrary files via "C:" (Windows drive letter) sequences in commands such as (1) LIST or (2)...

6.6 AI Score

0.007 EPSS

2005-08-30 11:45 AM
26

CVE-2005-2727

Home Ftp Server 1.0.7 stores sensitive user information and server information in the same directory as the user's home directory, which allows remote authenticated users to obtain sensitive information by obtaining ftpmembers.lst and...

5.8 AI Score

0.007 EPSS

2005-08-30 11:45 AM
27

CVE-2004-2366

Buffer overflow in GlobalSCAPE Secure FTP Server 2.0 B03.11.2004.2 allows remote attackers to cause a denial of service (crash) via a SITE command with a long...

7.3 AI Score

0.046 EPSS

2005-08-16 04:00 AM
26

CVE-2004-2309

Directory traversal vulnerability in Crob FTP Server 3.5.1 allows local users to browse outside the FTP root via multiple ../ (dot dot slash) in the DIR...

6.7 AI Score

0.0004 EPSS

2005-08-16 04:00 AM
28

CVE-2005-2479

Quick 'n Easy FTP Server 3.0 allows remote attackers to cause a denial of service (application crash or CPU consumption) via a long USER...

6.7 AI Score

0.205 EPSS

2005-08-05 04:00 AM
30

CVE-2004-2074

Format string vulnerability in Dream FTP 1.02 allows local users to cause a denial of service (crash) via format string specifiers in the (1) PASS or (2) RETR...

6.2 AI Score

0.026 EPSS

2005-05-19 04:00 AM
31

CVE-2004-2081

The samiftp.dll library in Sami FTP Server 1.1.3 allows local users to cause a denial of service (pmsystem.exe crash) by issuing (1) a CD command with a tilde (~) character or dot dot (/../) or (2) a GET command for an unavailable...

6.4 AI Score

0.004 EPSS

2005-05-19 04:00 AM
24

CVE-2004-2089

Matrix FTP Server allows remote attackers to cause a denial of service (crash) by logging in using four spaces as the username and password and then issuing a LIST...

7.2 AI Score

0.003 EPSS

2005-05-19 04:00 AM
19

CVE-2003-1206

Format string vulnerability in Crob FTP Server 2.60.1 allows remote attackers to cause a denial of service (crash) via "%s" or "%n" sequences in (1) the username during login, or other FTP commands such as (2)...

7.2 AI Score

0.017 EPSS

2005-05-19 04:00 AM
23

CVE-2003-1205

Crob FTP Server 2.60.1 allows remote authenticated users to cause a denial of service (crash) by renaming a file to the "con" MS-DOS device...

6.6 AI Score

0.014 EPSS

2005-05-19 04:00 AM
26

CVE-2003-1207

Crob FTP Server 3.5.1 allows remote authenticated users to cause a denial of service (crash) via a dir command with a large number of "." characters followed by a "/*"...

6.7 AI Score

0.042 EPSS

2005-05-19 04:00 AM
21

CVE-2004-2082

The samiftp.dll library in Sami FTP Server 1.1.3 allows remote authenticated users to cause a denial of service (pmsystem.exe crash) via a GET request with a large number of leading "/" (slash)...

6.2 AI Score

0.034 EPSS

2005-05-19 04:00 AM
22

CVE-2005-1646

The default installation of Fastream NETFile FTP/Web Server 7.4.6, which supports FXP, does not require that the IP address in a PORT command be the same as the IP of the logged in user, which allows remote attackers to conduct FTP Bounce attacks to bypass firewall rules or cause a denial of...

6.8 AI Score

0.006 EPSS

2005-05-18 04:00 AM
24

CVE-2005-1666

Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via long arguments to FTP commands such as MKD, RMD, or DELE, which are processed by the (1) ftp_xlate_path, (2)...

8.2 AI Score

0.058 EPSS

2005-05-18 04:00 AM
21

CVE-2005-1485

Golden FTP Server Pro 2.52 allows remote attackers to obtain sensitive information via a GET request for a file that does not exist, which reveals the absolute path of the FTP server in the resulting FTP error...

6.5 AI Score

0.006 EPSS

2005-05-11 04:00 AM
19

CVE-2005-1484

Directory traversal vulnerability in Golden FTP server pro 2.52 allows remote attackers to read arbitrary files via a "\.." (backward slash dot dot) with a leading '"' (double quote) in the GET...

6.7 AI Score

0.004 EPSS

2005-05-11 04:00 AM
19

CVE-2004-1883

Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow remote authenticated users to execute arbitrary code by causing a large error string to be generated by the ALLO handler, or (2) may allow remote FTP administrators to execute arbitrary code by causing a long hostname or username.....

7.5 AI Score

0.019 EPSS

2005-05-10 04:00 AM
21

CVE-2003-1151

Cross-site scripting (XSS) vulnerability in Fastream NETFile Server 6.0.3.588 allows remote attackers to inject arbitrary web script or HTML via the URL, which is displayed on a "404 Not Found" error...

5.9 AI Score

0.005 EPSS

2005-05-10 04:00 AM
18

CVE-2004-1884

Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain...

6.9 AI Score

0.013 EPSS

2005-05-10 04:00 AM
31

CVE-2004-2033

Orenosv 0.5.9f allows remote attackers to cause a denial of service (crash) via a long HTTP GET...

7 AI Score

0.071 EPSS

2005-05-10 04:00 AM
22

CVE-2004-2037

Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long CWD command, as demonstrated in one example by using the "cd" command in an interactive FTP...

8.1 AI Score

0.177 EPSS

2005-05-10 04:00 AM
31

CVE-2004-1848

Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial of service (disk consumption) and bypass file size restrictions via a REST command with a large size argument, followed by a STOR of a smaller...

6.7 AI Score

0.058 EPSS

2005-05-10 04:00 AM
24

CVE-2004-1941

Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to cause a denial of service via a username that does not...

7 AI Score

0.031 EPSS

2005-05-10 04:00 AM
29

CVE-2004-1885

Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify certain iFtpSvc options that are handled by...

7.2 AI Score

0.387 EPSS

2005-05-10 04:00 AM
29

CVE-2005-1371

BPFTPServer service in BulletProof FTP Server 2.4.0.31 does not properly drop privileges before opening files through the Help menu, which allows local users to gain...

6.9 AI Score

0.0004 EPSS

2005-05-03 04:00 AM
22

CVE-2005-1415

Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote authenticated users to execute arbitrary code via a long FTP...

7.4 AI Score

0.331 EPSS

2005-05-03 04:00 AM
26

CVE-2005-0847

Code Ocean FTP server 1.0 allows remote attackers to cause a denial of service via a large number of...

7.1 AI Score

0.026 EPSS

2005-05-02 04:00 AM
26

CVE-2005-0634

Buffer overflow in Golden FTP Server 1.92 allows remote attackers to execute arbitrary code via a long USER...

7.8 AI Score

0.131 EPSS

2005-05-02 04:00 AM
23

CVE-2002-1354

Directory traversal vulnerability in TYPSoft FTP Server 0.99.8 allows local users to list the contents of arbitrary directories via a ... (dot dot dot) in the cd/CWD...

6.7 AI Score

0.002 EPSS

2005-04-15 04:00 AM
21

CVE-2005-0696

Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote authenticated users to execute arbitrary code via a long DELE command. NOTE: this issue was later reported to also affect...

7.5 AI Score

0.101 EPSS

2005-03-08 05:00 AM
25

CVE-2005-0690

Gene6 FTP Server does not properly restrict access to the control console, which allows local users to modify the server configuration and gain privileges, as demonstrated by defining a SITE...

6.8 AI Score

0.0004 EPSS

2005-03-08 05:00 AM
27

CVE-2005-0566

Buffer overflow in Golden FTP Server Pro (goldenftpd) 2.x allows remote attackers to execute arbitrary code via a long RNTO...

8.3 AI Score

0.142 EPSS

2005-02-27 05:00 AM
29

CVE-2005-0520

ArGoSoft FTP Server before 1.4.2.8 allows remote attackers to read arbitrary files via shortcut (.LNK) files in the SITE COPY command, a different vulnerability than...

6.7 AI Score

0.012 EPSS

2005-02-23 05:00 AM
24

CVE-2005-0519

ArGoSoft FTP Server before 1.4.2.7 allows remote attackers to read arbitrary files by uploading a ZIP file containing a shortcut (.LNK) file, using SITE UNZIP to extract the .LNK file onto the server, then accessing the file, a different vulnerability than...

6.7 AI Score

0.012 EPSS

2005-02-23 05:00 AM
24
4

CVE-2004-1643

WS_FTP 5.0.2 allows remote authenticated users to cause a denial of service (CPU consumption) via a CD command that contains an invalid path with a "../"...

6.3 AI Score

0.029 EPSS

2005-02-20 05:00 AM
25

CVE-2004-1641

Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote attackers to cause a denial of service (crash) via a long FTP command such as (1) CWD, (2) STAT, or (3)...

7.2 AI Score

0.043 EPSS

2005-02-20 05:00 AM
31

CVE-2004-1429

ArGoSoft FTP 1.4.2.4 and earlier does not limit the number of times that a bad password can be entered, which makes it easier for remote attackers to guess passwords via a brute force...

7.2 AI Score

0.008 EPSS

2005-02-12 05:00 AM
23

CVE-2004-1428

ArGoSoft FTP before 1.4.2.1 generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid...

6.7 AI Score

0.017 EPSS

2005-02-12 05:00 AM
22

CVE-2004-1135

Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial of service (service crash) via long (1) SITE, (2) XMKD, (3) MKD, and (4) RNFR...

6.6 AI Score

0.082 EPSS

2005-01-10 05:00 AM
28

CVE-2004-0325

TYPSoft FTP Server 1.10 allows remote authenticated users to cause a denial of service (CPU consumption) via "//../" arguments to (1) mkd, (2) xmkd, (3) dele, (4) size, (5) retr, (6) stor, (7) appe, (8) rnfr, (9) rnto, (10) rmd, or (11) xrmd, as demonstrated using...

6.3 AI Score

0.004 EPSS

2004-12-31 05:00 AM
28

CVE-2004-0252

TYPSoft FTP Server 1.10 allows remote attackers to cause a denial of service (CPU consumption) via an empty USER...

6.6 AI Score

0.012 EPSS

2004-11-23 05:00 AM
29

CVE-2004-0295

TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a denial of service (CPU consumption) via an open idle...

7 AI Score

0.045 EPSS

2004-11-23 05:00 AM
24

CVE-2004-0255

Xlight 1.52, with log to screen enabled, allows remote attackers to cause a denial of service by requesting a long directory consisting of . (dot) and / (slash) characters, which causes the server to crash when the administrator views the log file, possibly triggering a buffer...

7 AI Score

0.046 EPSS

2004-11-23 05:00 AM
17

CVE-2004-0282

Crob FTP daemon 3.5.2 allows remote attackers to cause a denial of service (crash) by repeatedly connecting to and disconnecting from the...

6.7 AI Score

0.047 EPSS

2004-11-23 05:00 AM
19

CVE-2004-0296

TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause TsFtpSrv.exe to exit with an exception by opening and immediately closing a...

7 AI Score

0.018 EPSS

2004-11-23 05:00 AM
21

CVE-2004-0277

Format string vulnerability in Dream FTP 1.02 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the...

7.8 AI Score

0.112 EPSS

2004-11-23 05:00 AM
26
Total number of security vulnerabilities: 356