CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-40524
https://notcve.org/view.php?id=CVE-2021-40524
05 Sep 2021 — In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. (Versions 1.0.23 through 1.0.49 are affected.) En Pure-FTPd antes de la versión 1.0.50, un mecanismo incorrecto de cuota max_filesize en el servidor permite a los atacantes subir archivos de tamaño no limitado, lo que puede llev... • https://github.com/jedisct1/pure-ftpd/commit/37ad222868e52271905b94afea4fc780d83294b4 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2020-9274 – Gentoo Linux Security Advisory 202003-54
https://notcve.org/view.php?id=CVE-2020-9274
26 Feb 2020 — An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c. Se detectó un problema en Pure-FTPd versión 1.0.49. • https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa • CWE-824: Access of Uninitialized Pointer •
CVSS: 8.1EPSS: 22%CPEs: 87EXPL: 1CVE-2011-1575 – Gentoo Linux Security Advisory 201110-25
https://notcve.org/view.php?id=CVE-2011-1575
23 May 2011 — The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. La implementación de STARTTLS en ftp_parser.c de Pure-FTPd en versiones anteriores a 1.0.30 no restringe correctamente el buffer de entrada/salida, que pe... • https://github.com/masamoon/cve-2011-1575-poc • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 14%CPEs: 90EXPL: 5CVE-2011-0418 – FreeBSD 9.1 - 'ftpd' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2011-0418
03 May 2011 — The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command. La implementación del comando glob de Pure-FTPd en versiones anteriores a 1.0.32, y en libc de NetBSD 5.1, no expande apropiadamente las expresiones que contienen llaves, lo que permite a usuarios autenticados remotos provocar una denegación de se... • https://packetstorm.news/files/id/120032 • CWE-20: Improper Input Validation •