CVE-2008-5045 – FTP Now 2.6 Server - Response Remote Crash (PoC)
https://notcve.org/view.php?id=CVE-2008-5045
Heap-based buffer overflow in Network-Client FTP Now 2.6, and possibly other versions, allows remote FTP servers to cause a denial of service (crash) via a 200 server response that is exactly 1024 characters long. Desbordamiento de búfer basado en pila en Network-Client FTP Now v2.6, y posiblemente otras versiones, permiten a los servidores FTP remotos provocar una denegación de servicio (caída) a través de una respuesta de servidor del tipo 200 que tiene un tamaño de 1024 caracteres. • https://www.exploit-db.com/exploits/6926 http://securityreason.com/securityalert/4583 http://www.securityfocus.com/bid/32080 https://exchange.xforce.ibmcloud.com/vulnerabilities/46319 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2005-1094 – FTP Now 2.6.14 - Local Password Disclosure
https://notcve.org/view.php?id=CVE-2005-1094
FTP Now 2.6.14 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges. • https://www.exploit-db.com/exploits/918 http://secunia.com/advisories/14889 http://securitytracker.com/id?1013657 http://www.osvdb.org/15296 https://exchange.xforce.ibmcloud.com/vulnerabilities/20025 •