CVE-2006-6565 – FileZilla FTP Server 0.9.21 - 'LIST/NLST' Denial of Service
https://notcve.org/view.php?id=CVE-2006-6565
FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a wildcard argument to the (1) LIST or (2) NLST commands, which results in a NULL pointer dereference, a different set of vectors than CVE-2006-6564. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command.
• https://www.exploit-db.com/exploits/2914
• http://sourceforge.net/project/shownotes.php?release_id=470364&group_id=21558
• http://www.vupen.com/english/advisories/2006/4937
• https://exchange.xforce.ibmcloud.com/vulnerabilities/30853
• CWE-476: NULL Pointer Dereference
CVE-2005-0851
https://notcve.org/view.php?id=CVE-2005-0851
FileZilla FTP server before 0.9.6, when using MODE Z (zlib compression), allows remote attackers to cause a denial of service (infinite loop) via certain file uploads or directory listings.
• http://sourceforge.net/project/shownotes.php?group_id=21558&release_id=314473
• http://www.securityfocus.com/bid/12865
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2005-0850
https://notcve.org/view.php?id=CVE-2005-0850
FileZilla FTP server before 0.9.6 allows remote attackers to cause a denial of service via a request for a filename containing an MS-DOS device name such as CON, NUL, COM1, LPT1, and others.
• http://sourceforge.net/project/shownotes.php?group_id=21558&release_id=314473
• http://www.securityfocus.com/bid/12865
• CWE-20: Improper Input Validation