CVE-2018-5310 – Media from FTP Plugin < 9.85 - Directory Traversal
https://notcve.org/view.php?id=CVE-2018-5310
In the "Media from FTP" plugin before 9.85 for WordPress, Directory Traversal exists via the searchdir parameter to the wp-admin/admin.php?page=mediafromftp-search-register URI. En el plugin "Media from FTP" en versiones anteriores a la 9.85 para WordPress, existe salto de directorio mediante el parámetro searchdir en el URI wp-admin/admin.php?page=mediafromftp-search-register. The Media from FTP Plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 9.84 via the searchdir parameter to the wp-admin/admin.php? • https://github.com/d4wner/Vulnerabilities-Report/blob/master/media-from-ftp.md https://wordpress.org/plugins/media-from-ftp/#developers https://wordpress.org/support/topic/any-directory-traversal-bugs-at-the-latest-version-of-media-from-ftp • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2015-7601 – PCMan FTP Server 2.0.7 - Directory Traversal
https://notcve.org/view.php?id=CVE-2015-7601
Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..// (dot dot double slash) in a RETR command. Vulnerabilidad de salto de directorio en PCMan's FTP Server 2.0.7, permite a atacantes remotos leer archivos arbitrarios a través de un ..// (punto punto doble barra) en un comando RETR. • https://www.exploit-db.com/exploits/38340 http://packetstormsecurity.com/files/133756/PCMan-FTP-Server-2.0.7-Directory-Traversal.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2013-4730 – PCMan FTP Server 2.0 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-4730
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command. Desbordamiento de buffer en PCMan's FTP Server 2.0.7 permite a atacantes remotos ejecutar código arbitrario a través de una cadena larga en un comando USER. • https://www.exploit-db.com/exploits/26495 https://www.exploit-db.com/exploits/27007 https://www.exploit-db.com/exploits/26471 https://www.exploit-db.com/exploits/31255 https://www.exploit-db.com/exploits/31254 https://www.exploit-db.com/exploits/27703 https://www.exploit-db.com/exploits/36078 https://www.exploit-db.com/exploits/28328 https://www.exploit-db.com/exploits/38013 https://www.exploit-db.com/exploits/27277 https://www.exploit-db.com/exploits/31789 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-4095
https://notcve.org/view.php?id=CVE-2010-4095
Directory traversal vulnerability in the FTP client in Serengeti Systems Incorporated Robo-FTP 3.7.3, and probably other versions before 3.7.5, allows remote FTP servers to write arbitrary files via a .. (dot dot) in a filename in a server response. Vulnerabilidad de directorio traversal en el cliente de FTP en Serengeti Systems Incorporated Robo-FTP v3.7.3, y probablemente otras versiones anteriores a v3.7.5, permite a servidores FTP escribir ficheros de su lección a través de los caracteres .. (punto punto) en ficheros en una respuesta de servidor. • http://kb.robo-ftp.com/change_log/show/77 http://secunia.com/advisories/41809 http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_robo_ftp.html http://www.securityfocus.com/archive/1/514267/100/0/threaded http://www.securityfocus.com/bid/44073 https://exchange.xforce.ibmcloud.com/vulnerabilities/62548 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2009-4103
https://notcve.org/view.php?id=CVE-2009-4103
Buffer overflow in Robo-FTP 3.6.17, and possibly other versions, allows remote FTP servers to cause a denial of service and possibly execute arbitrary code via unspecified FTP server responses. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Desbordamiento de búfer en Robo-FTP v3.6.17, y posiblemente otras versiones, permite a servidores FTP remotos provocar una denegación de servicio y posiblemente la ejecución de código de su elección a través de respuestas FTP no especificadas. NOTA: el origen de esta información es desconocido. Los detalles han sido obtenidos a partir de terceros. • http://osvdb.org/60513 http://secunia.com/advisories/37452 http://www.securityfocus.com/bid/37143 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •