CVE-2008-0702 – Titan FTP Server 6.03 - 'USER/PASS' Remote Heap Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-0702
Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (daemon crash or hang) and possibly execute arbitrary code via a long argument to the (1) USER or (2) PASS command, different vectors than CVE-2004-1641. Múltiples desbordamientos basados en montículo en Titan FTP Server 6.03 y 6.0.5.549, que permite a atacantes remotos causar una denegación de servicio (cuelgue o caída de demonio) y la posibilidad de ejecutar código de su elección a través de un argumento largo a los comandos (1) USER o (2) PASS, diferentes vectores que el id. CVE-2004-1641. • https://www.exploit-db.com/exploits/5036 http://secunia.com/advisories/28760 http://securityreason.com/securityalert/3639 http://www.securityfocus.com/archive/1/487431/100/0/threaded http://www.securityfocus.com/bid/27568 http://www.vupen.com/english/advisories/2008/0393 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2004-1641 – Titan FTP Server - Long Command Heap Overflow
https://notcve.org/view.php?id=CVE-2004-1641
Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote attackers to cause a denial of service (crash) via a long FTP command such as (1) CWD, (2) STAT, or (3) LIST. • https://www.exploit-db.com/exploits/426 http://marc.info/?l=bugtraq&m=109396159332523&w=2 http://secunia.com/advisories/12419 http://www.securityfocus.com/bid/11069 https://exchange.xforce.ibmcloud.com/vulnerabilities/17172 •
CVE-2004-0437 – Titan FTP Server 3.0 - 'LIST' Denial of Service
https://notcve.org/view.php?id=CVE-2004-0437
Titan FTP Server version 3.01 build 163, and possibly other versions before build 169, allows remote authenticated users to cause a denial of service (crash) by disconnecting from the system during a "LIST -L" command, which causes Titan to access an invalid socket. Titan FTP Server versión 3.01 compilación 163, y posiblemente otras versiones anteriores a compilación 169, permite a usuarios remotos autenticados causar una denegación de servicio (caída) desconectando del sistema durante una órden "LIST - L", lo que causa que Titan acceda a un socket no válido. • https://www.exploit-db.com/exploits/24080 http://archives.neohapsis.com/archives/vulnwatch/2004-q2/0025.html http://marc.info/?l=bugtraq&m=108378048513596&w=2 http://www.securiteam.com/windowsntfocus/5RP0215CUU.html https://exchange.xforce.ibmcloud.com/vulnerabilities/16057 •