CVE-2008-3734 – Ipswitch WS_FTP Home/Professional FTP Client - Remote Format String (PoC)
https://notcve.org/view.php?id=CVE-2008-3734
Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 allows remote FTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in a connection greeting (response).
• https://www.exploit-db.com/exploits/6257
• http://secunia.com/advisories/31504
• http://securityreason.com/securityalert/4173
• http://www.securityfocus.com/bid/30720
• http://www.securitytracker.com/id?1020713
• http://www.securitytracker.com/id?1020714
• https://exchange.xforce.ibmcloud.com/vulnerabilities/44512
• CWE-134: Use of Externally-Controlled Format String
CVE-2007-0665
https://notcve.org/view.php?id=CVE-2007-0665
Format string vulnerability in the SCP module in Ipswitch WS_FTP 2007 Professional might allow remote attackers to execute arbitrary commands via format string specifiers in the filename, related to the SHELL WS_FTP script command.
• http://osvdb.org/33602
• http://www.securityfocus.com/archive/1/458293/100/0/threaded
• http://www.securityfocus.com/bid/22275
• https://exchange.xforce.ibmcloud.com/vulnerabilities/31865
CVE-2007-0330
https://notcve.org/view.php?id=CVE-2007-0330
Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch WS_FTP 2007 Professional allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long ftp:// URL in an HTML document, and possibly other vectors.
• http://osvdb.org/33476
• http://securityreason.com/securityalert/2160
• http://www.securityfocus.com/archive/1/456755/100/0/threaded
• http://www.securityfocus.com/archive/1/456901/100/0/threaded
• http://www.securityfocus.com/archive/1/457097/100/0/threaded
• http://www.securityfocus.com/bid/22062
CVE-2004-1884
https://notcve.org/view.php?id=CVE-2004-1884
Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access.
• http://marc.info/?l=bugtraq&m=108006581418116&w=2
• http://secunia.com/advisories/11206
• http://www.securityfocus.com/bid/9953
• https://exchange.xforce.ibmcloud.com/vulnerabilities/15558
CVE-2002-1851
https://notcve.org/view.php?id=CVE-2002-1851
Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute code on a client system via unknown attack vectors.
• http://www.iss.net/security_center/static/10185.php
• http://www.nextgenss.com/vna/ips-wsftp.txt
• http://www.securityfocus.com/bid/4850