CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 2CVE-2014-1441 – Core FTP Server 1.2 DoS / Traversal / Disclosure
https://notcve.org/view.php?id=CVE-2014-1441
Core FTP Server 1.2 before build 515 allows remote attackers to cause a denial of service (reachable assertion and crash) via an AUTH SSL command with malformed data, as demonstrated by pressing the enter key twice. Core FTP Server 1.2 anterior a build 515 permite a atacantes remotos causar una denegación de servicio (aserción alcanzable y caída) a través de un comando AUTH SSL con datos malformados, tal y como fue demostrado presionando la tecla ENTER dos veces. Core FTP Server version 1.2 suffers from denial of service race condition, password disclosure, and directory traversal vulnerabilities. • http://coreftp.com/forums/viewtopic.php?t=2985707 http://packetstormsecurity.com/files/125073/Core-FTP-Server-1.2-DoS-Traversal-Disclosure.html http://seclists.org/fulldisclosure/2014/Feb/39 http://secunia.com/advisories/56850 http://www.osvdb.org/102966 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 2CVE-2014-1443 – Core FTP Server 1.2 DoS / Traversal / Disclosure
https://notcve.org/view.php?id=CVE-2014-1443
Core FTP Server 1.2 before build 515 allows remote authenticated users to obtain sensitive information (password for the previous user) via a USER command with a specific length, possibly related to an out-of-bounds read. Core FTP Server 1.2 anterior a build 515 permite a usuarios remotos autenticados obtener información sensible (contraseña para el usuario anterior) a través de un comando USER con una longitud especifica, posiblemente relacionado con una lectura fuera de rango. Core FTP Server version 1.2 suffers from denial of service race condition, password disclosure, and directory traversal vulnerabilities. • http://coreftp.com/forums/viewtopic.php?t=2985707 http://packetstormsecurity.com/files/125073/Core-FTP-Server-1.2-DoS-Traversal-Disclosure.html http://seclists.org/fulldisclosure/2014/Feb/39 http://secunia.com/advisories/56850 http://www.osvdb.org/102968 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •