CVSS: 4.0EPSS: 6%CPEs: 126EXPL: 1CVE-2010-2426 – Titan FTP XCRC Directory Traversal Information Disclosure
https://notcve.org/view.php?id=CVE-2010-2426
Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read arbitrary files, determine file size, via "..//" sequences in the xcrc command. Vulnerabilidad de salto de directorio en TitanFTPd en South River Technologies Titan FTP Server v8.10.1125, y probablemente versiones anteriores, permite a usuarios autentificados remotamente leer ficheros de su elección, tamaño de fichero determinado, a través de la secuencia "..//" en el comando xcrc. • http://osvdb.org/65533 http://secunia.com/advisories/40237 http://www.securityfocus.com/archive/1/511839/100/0/threaded http://www.securityfocus.com/bid/40949 https://exchange.xforce.ibmcloud.com/vulnerabilities/59492 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.3EPSS: 9%CPEs: 2EXPL: 1CVE-2008-0702 – Titan FTP Server 6.03 - 'USER/PASS' Remote Heap Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-0702
Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (daemon crash or hang) and possibly execute arbitrary code via a long argument to the (1) USER or (2) PASS command, different vectors than CVE-2004-1641. Múltiples desbordamientos basados en montículo en Titan FTP Server 6.03 y 6.0.5.549, que permite a atacantes remotos causar una denegación de servicio (cuelgue o caída de demonio) y la posibilidad de ejecutar código de su elección a través de un argumento largo a los comandos (1) USER o (2) PASS, diferentes vectores que el id. CVE-2004-1641. • https://www.exploit-db.com/exploits/5036 http://secunia.com/advisories/28760 http://securityreason.com/securityalert/3639 http://www.securityfocus.com/archive/1/487431/100/0/threaded http://www.securityfocus.com/bid/27568 http://www.vupen.com/english/advisories/2008/0393 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •