CVE-2013-2512
https://notcve.org/view.php?id=CVE-2013-2512
26 Jan 2021 — The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic. • http://vapidlabs.com/advisory.php?v=34 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2010-2620 – (Gabriel's FTP Server) Open & Compact FTP Server 1.2 - Authentication Bypass / Directory Traversal SAM Retrieval
https://notcve.org/view.php?id=CVE-2010-2620
02 Jul 2010 — Open&Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote attackers to bypass authentication by sending (1) LIST, (2) RETR, (3) STOR, or other commands without performing the required login steps first. • https://packetstorm.news/files/id/122747 • CWE-287: Improper Authentication •
CVE-2006-7094
https://notcve.org/view.php?id=CVE-2006-7094
28 Feb 2007 — ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary directories with the privileges of gid 0 and possibly enable additional attack vectors. • http://bugs.debian.org/384454 •
CVE-2006-5778
https://notcve.org/view.php?id=CVE-2006-5778
07 Nov 2006 — ftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir before setting the UID, which allows local users to bypass intended access restrictions by redirecting their home directory to a restricted directory. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384454 •
CVE-2005-3524 – linux-ftpd-ssl 0.17 - 'MKD'/'CWD' Remote Code Execution
https://notcve.org/view.php?id=CVE-2005-3524
07 Nov 2005 — Buffer overflow in the SSL-ready version of linux-ftpd (linux-ftpd-ssl) 0.17 allows remote attackers to execute arbitrary code by creating a long directory name, then executing the XPWD command. • https://www.exploit-db.com/exploits/1295 •