CVE-2008-0725
https://notcve.org/view.php?id=CVE-2008-0725
Multiple heap-based buffer overflows in the (1) FTP service and (2) administration service in Titan FTP Server 6.0.5.549 allow remote attackers to cause a denial of service (daemon hang) and possibly execute arbitrary code via a long command. NOTE: the USER and PASS commands for the FTP service are covered by CVE-2008-0702. Múltiples desbordamientos de búfer basados en la memoria libre para la reserva dinámica (heap) en el (1) servicio FTP y (2) servicio de administración de Titan FTP Server 6.0.5.549. Permiten a atacantes remotos provocar una denegación de servicio (cuelgue del demonio) y posiblemente ejecutar código de su elección a través de un comando largo. NOTA: los comandos USUARIO y CONTRASEÑA para el servicio FTP están cubiertos por CVE-2008-0702. • http://secunia.com/advisories/28760 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-5930
https://notcve.org/view.php?id=CVE-2007-5930
Cross-site scripting (XSS) vulnerability in the web interface in Cerberus FTP Server before 2.46 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el interfaz web del servidor FTP Cerberus anterior al 2.46, permite a atacantes remotos la inyección de secuencias de comandos web o HTML de su elección a través de vectores sin especificar. • http://osvdb.org/38789 http://secunia.com/advisories/27569 http://www.cerberusftp.com/cerberus-releasenotes.htm#ReleaseNotes http://www.securityfocus.com/bid/26381 http://www.vupen.com/english/advisories/2007/3805 https://exchange.xforce.ibmcloud.com/vulnerabilities/38320 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2006-2170
https://notcve.org/view.php?id=CVE-2006-2170
Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers to execute arbitrary code via Unicode in the RNTO command, as demonstrated by the Infigo FTPStress Fuzzer. Desbordamiento de búfer en ArgoSoft FTP Server 1.4.3.6 permite a atacantes remotos ejecutar código arbitrario a través de Unicode en el comando RNTO, según lo demostrado por el Infigo FTPStress Fuzzer. • http://archives.neohapsis.com/archives/bugtraq/2006-05/0139.html http://marc.info/?l=bugtraq&m=114658586018818&w=2 http://secunia.com/advisories/19934 http://www.infigo.hr/en/in_focus/tools http://www.infigo.hr/hr/in_focus/advisories/INFIGO-2006-05-03 http://www.osvdb.org/25216 http://www.securityfocus.com/bid/17789 http://www.vupen.com/english/advisories/2006/1639 https://exchange.xforce.ibmcloud.com/vulnerabilities/26197 •
CVE-2005-0696
https://notcve.org/view.php?id=CVE-2005-0696
Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote authenticated users to execute arbitrary code via a long DELE command. NOTE: this issue was later reported to also affect 1.4.3.5. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042523.html http://secunia.com/advisories/14526 http://securityreason.com/securityalert/494 http://securitytracker.com/id?1015681 http://www.securityfocus.com/archive/1/392653 http://www.securityfocus.com/archive/1/426081/100/0/threaded http://www.securityfocus.com/bid/12755 https://www.securinfos.info/english/security-advisories-alerts/20060225_ArGoSoft.FTP.Server_Heap.Overflow.html •
CVE-2005-0520
https://notcve.org/view.php?id=CVE-2005-0520
ArGoSoft FTP Server before 1.4.2.8 allows remote attackers to read arbitrary files via shortcut (.LNK) files in the SITE COPY command, a different vulnerability than CVE-2005-0519. • http://secunia.com/advisories/14372 http://www.argosoft.com/ftpserver/changelist.aspx http://www.osvdb.org/14061 http://www.securityfocus.com/bid/12632 https://exchange.xforce.ibmcloud.com/vulnerabilities/19442 •