CVE-2017-16513 – Ipswitch WS_FTP Professional < 12.6.0.3 - Local Buffer Overflow (SEH)
https://notcve.org/view.php?id=CVE-2017-16513
Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in the local search field and the backup locations field, aka WSCLT-1729. Ipswitch WS_FTP Professional en versiones anteriores a la 12.6.0.3 incluye desbordamientos de búfer en el campo de búsqueda local y el campo de localizaciones de copias de seguridad. Esto también se conoce como WSCLT-1729. • https://www.exploit-db.com/exploits/43115 https://docs.ipswitch.com/WS_FTP126/ReleaseNotes/English/index.htm https://www.7elements.co.uk/resources/technical-advisories/ipswitch-ws_ftp-professional-local-buffer-overflow-seh-overwrite • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-4775 – Ipswitch WS_FTP 12 Professional - Remote Format String (PoC)
https://notcve.org/view.php?id=CVE-2009-4775
Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an HTTP response. Vulnerabilidad de formato de cadena en Ipswitch WS_FTP Professional v12 anterior a v12.2, permite a atacantes remotos provocar una denegación de servicio (caída) a través de especificadores de formato de cadena en el "status code" de una respuesta HTTP. • https://www.exploit-db.com/exploits/9607 http://docs.ipswitch.com/WS_FTP%20122/ReleaseNotes/English/index.htm?k_id=ipswitch_com_ftp_documents_worldwide_ws_ftp122releasenotesenglish#link23 http://www.exploit-db.com/exploits/9607 http://www.packetstormsecurity.org/0909-exploits/nocoolnameforawsftppoc.pl.txt http://www.securityfocus.com/bid/36297 https://exchange.xforce.ibmcloud.com/vulnerabilities/53098 • CWE-134: Use of Externally-Controlled Format String •