CVE-2009-4606 – South River Technologies WebDrive Service 9.02 build 2232 - Bad Security Descriptor Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-4606
South River Technologies WebDrive 9.02 build 2232 installs the WebDrive Service without a security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command.
• https://www.exploit-db.com/exploits/11264
• http://osvdb.org/59080
• http://retrogod.altervista.org/9sg_south_river_priv.html
• http://secunia.com/advisories/37083
• http://www.securityfocus.com/archive/1/507323/100/0/threaded
• http://www.vupen.com/english/advisories/2009/2994
• https://exchange.xforce.ibmcloud.com/vulnerabilities/53885
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2008-5281 – Titan FTP Server 6.05 build 550 - 'DELE' Remote Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-5281
Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows remote attackers to execute arbitrary code via a long DELE command.
• https://www.exploit-db.com/exploits/31105
• http://packetstormsecurity.org/0802-exploits/titan-heap-py.txt
• http://www.securityfocus.com/bid/27611
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-0702 – Titan FTP Server 6.03 - 'USER/PASS' Remote Heap Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-0702
Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (daemon crash or hang) and possibly execute arbitrary code via a long argument to the (1) USER or (2) PASS command, different vectors than CVE-2004-1641.
• https://www.exploit-db.com/exploits/5036
• http://secunia.com/advisories/28760
• http://securityreason.com/securityalert/3639
• http://www.securityfocus.com/archive/1/487431/100/0/threaded
• http://www.securityfocus.com/bid/27568
• http://www.vupen.com/english/advisories/2008/0393
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2004-1641 – Titan FTP Server - Long Command Heap Overflow
https://notcve.org/view.php?id=CVE-2004-1641
Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote attackers to cause a denial of service (crash) via a long FTP command such as (1) CWD, (2) STAT, or (3) LIST.
• https://www.exploit-db.com/exploits/426
• http://marc.info/?l=bugtraq&m=109396159332523&w=2
• http://secunia.com/advisories/12419
• http://www.securityfocus.com/bid/11069
• https://exchange.xforce.ibmcloud.com/vulnerabilities/17172
CVE-2004-0437 – Titan FTP Server 3.0 - 'LIST' Denial of Service
https://notcve.org/view.php?id=CVE-2004-0437
Titan FTP Server version 3.01 build 163, and possibly other versions before build 169, allows remote authenticated users to cause a denial of service (crash) by disconnecting from the system during a "LIST -L" command, which causes Titan to access an invalid socket.
• https://www.exploit-db.com/exploits/24080
• http://archives.neohapsis.com/archives/vulnwatch/2004-q2/0025.html
• http://marc.info/?l=bugtraq&m=108378048513596&w=2
• http://www.securiteam.com/windowsntfocus/5RP0215CUU.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/16057