CVSS: 9.3EPSS: 50%CPEs: 3EXPL: 4CVE-2012-6066 – freeFTPd 1.2.6 - Remote Authentication Bypass
https://notcve.org/view.php?id=CVE-2012-6066
freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c. freeSSHd.exe en freeSSHd hasta v1.2.6 permite a atacantes remotos evitar la autenticación a través de una sesión de SFTP manipulada, como lo demuestra un cliente OpenSSH con versiones modificadas de ssh.c y sshconnect2.c. • https://www.exploit-db.com/exploits/23079 https://www.exploit-db.com/exploits/24133 https://www.exploit-db.com/exploits/23080 https://github.com/bongbongco/CVE-2012-6066 http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0012.html https://seclists.org/fulldisclosure/2010/Aug/132 • CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 2%CPEs: 1EXPL: 3CVE-2008-6899 – freeSSHd 1.2.1 - 'rename' Remote Buffer Overflow (SEH)
https://notcve.org/view.php?id=CVE-2008-6899
Multiple buffer overflows in freeSSHd 1.2.1 allow remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a long (1) open, (2) unlink, (3) mkdir, (4) rmdir, or (5) stat SFTP command. Múltiple desbordamiento de búfer en freeSSHd v1.2.1 permite a usuarios autenticados remotamente causar una denegación de servicio (caída) y ejecutar código a su elección a través de (1) open, (2) unlink, (3) mkdir, (4) rmdir, o(5) comando stat SFTP. • https://www.exploit-db.com/exploits/8295 http://www.bmgsec.com.au/advisories/freeSSHd-bof.txt http://www.securityfocus.com/archive/1/499486/100/0/threaded http://www.securityfocus.com/bid/32972 https://exchange.xforce.ibmcloud.com/vulnerabilities/52434 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 7%CPEs: 1EXPL: 2CVE-2008-4762 – freeSSHd 1.2.1 - (Authenticated) SFTP 'realpath' Remote Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-4762
Stack-based buffer overflow in freeSSHd 1.2.1 allows remote authenticated users to cause a denial of service (service crash) and potentially execute arbitrary code via a long argument to the (1) rename and (2) realpath parameters. Desbordamiento de búfer basado en pila en freeSSHd 1.2.1, permite a usuarios autenticados remotamente provocar una denegación de servicio (caída de servicio) y seguramente la ejecución de código de su elección a través de un argumento largo a los parámetros (1) rename y (2) realpath. • https://www.exploit-db.com/exploits/6812 https://www.exploit-db.com/exploits/6800 http://secunia.com/advisories/32366 http://securityreason.com/securityalert/4515 http://www.securityfocus.com/archive/1/497746/100/0/threaded http://www.securityfocus.com/bid/31872 http://www.securitytracker.com/id?1021096 http://www.vupen.com/english/advisories/2008/2897 https://exchange.xforce.ibmcloud.com/vulnerabilities/46046 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.5EPSS: 8%CPEs: 1EXPL: 3CVE-2008-2573 – freeSSHd 1.2.1 - (Authenticated) Remote Stack Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-2573
Stack-based buffer overflow in SFTP in freeSSHd 1.2.1 allows remote authenticated users to execute arbitrary code via a long directory name in an SSH_FXP_OPENDIR (aka opendir) command. Desbordamiento de búfer basado en pila en SFTP en freeSSHd 1.2.1 permite a usuarios remotos autenticados ejecutar código de su elección a través a un nombre de directorio largo en un comando SSH_FXP_OPENDIR (aka opendir). • https://www.exploit-db.com/exploits/5709 https://www.exploit-db.com/exploits/5751 http://secunia.com/advisories/30498 http://www.securityfocus.com/archive/1/493180/100/0/threaded http://www.securityfocus.com/bid/29453 http://www.securitytracker.com/id?1020212 http://www.vupen.com/english/advisories/2008/1711/references • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •