CVSS: 6.5EPSS: 0%CPEs: 40EXPL: 2CVE-2022-22836 – CoreFTP Server build 725 - Directory Traversal (Authenticated)
https://notcve.org/view.php?id=CVE-2022-22836
CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request. CoreFTP Server versiones anteriores a 727 ,permite un salto de directorio (para la creación de archivos) por un atacante autenticado por medio de ../ en una petición HTTP PUT • https://www.exploit-db.com/exploits/50652 http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509 https://yoursecuritybores.me/coreftp-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-19596
https://notcve.org/view.php?id=CVE-2020-19596
Buffer overflow vulnerability in Core FTP Server v1.2 Build 583, via a crafted username. Una vulnerabilidad de desbordamiento del búfer en Core FTP Server versión v1.2 Build 583, por medio de un nombre de usuario diseñado • https://www.0x90.zone/binary/reverse/exploitation/2020/08/16/CoreFTPServerRCE.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0CVE-2013-3930
https://notcve.org/view.php?id=CVE-2013-3930
Stack-based buffer overflow in Core FTP before 2.2 build 1785 allows remote FTP servers to execute arbitrary code via a crafted directory name in a CWD command reply. Desbordamiento de buffer basado en pila en Core FTP anterior a 2.2 build 1785 permite a servidores remotos FTP ejecutar código arbitrario a través de un nombre de directorio manipulado en una respuesta de comando CWD. • http://osvdb.org/96314 http://secunia.com/advisories/53743 http://www.coreftp.com/forums/viewtopic.php?t=222102 http://www.securityfocus.com/bid/61786 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-1215
https://notcve.org/view.php?id=CVE-2014-1215
Multiple buffer overflows in Core FTP Server before 1.2 build 508 allow local users to gain privileges via vectors related to reading data from config.dat and Windows Registry. Múltiples desbordamientos de búfer en Core FTP Server, en versiones anteriores a la 1.2 build 508, permiten que usuarios locales obtengan privilegios mediante vectores relacionados con la lectura de datos de config.dat y el registro de Windows. • http://www.securityfocus.com/archive/1/531144/100/0/threaded https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1215 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 2CVE-2014-1442 – Core FTP Server 1.2 DoS / Traversal / Disclosure
https://notcve.org/view.php?id=CVE-2014-1442
Directory traversal vulnerability in Core FTP Server 1.2 before build 515 allows remote authenticated users to determine the existence of arbitrary files via a /../ sequence in an XCRC command. Vulnerabilidad de salto de directorio en Core FTP Server 1.2 anterior a build 515 permite a usuarios remotos autenticados determinar la existencia de archivos arbitrarios a través de una secuencia /../ en un comando XCRC. Core FTP Server version 1.2 suffers from denial of service race condition, password disclosure, and directory traversal vulnerabilities. • http://coreftp.com/forums/viewtopic.php?t=2985707 http://packetstormsecurity.com/files/125073/Core-FTP-Server-1.2-DoS-Traversal-Disclosure.html http://seclists.org/fulldisclosure/2014/Feb/39 http://secunia.com/advisories/56850 http://www.osvdb.org/102967 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •