CVE-2009-3484 – Core FTP LE 2.1 build 1612 - Local Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-3484
Stack-based buffer overflow in Core FTP 2.1 build 1612 allows user-assisted remote attackers to execute arbitrary code via a long hostname in an FTP server entry in a site backup file. NOTE: some of these details are obtained from third party information. Desbordamiento de búfer basado en pila en Core FTP v2.1 build 1612 permite a atacantes remotos asistidos ejecutar código de su elección a través del un hostname largo en una entrada al servidor FTP en un archivo backup. NOTA: algunos de estos detalles han sido obtenidos a partir de información de terceros. • https://www.exploit-db.com/exploits/9815 http://osvdb.org/58385 http://secunia.com/advisories/36872 http://www.packetstormsecurity.org/0909-exploits/coreftp_local.py.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/53488 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-2519
https://notcve.org/view.php?id=CVE-2008-2519
Directory traversal vulnerability in Core FTP client 2.1 Build 1565 allows remote FTP servers to create or overwrite arbitrary files via .. (dot dot) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder. Vulnerabilidad de salto de directorio en Core FTP client 2.1 Build 1565 permite a servidores FTP remotos crear o sobrescribir ficheros de su elección a través de secuencias .. (punto punto) en respuesta a comandos LIST, una cuestión relacionada a CVE-2002-1345. • http://secunia.com/advisories/30389 http://vuln.sg/coreftp211565-en.html http://www.coreftp.com/forums/viewtopic.php?t=6078 http://www.securityfocus.com/bid/29362 http://www.vupen.com/english/advisories/2008/1643/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42605 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •