CVE-2001-0264
Published 2001-06-18
CVE-2001-0264: Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows remote attackers to obtain NETBIOS credentials by requesting information on a file that is in a network…
Priority: P4 · 22 · medium · 5 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 2.99% (85.6th percentile)
Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows remote attackers to obtain NETBIOS credentials by requesting information on a file that is in a network share, which causes the server to send the credentials to the host that owns the share, and allows the attacker to sniff the connection.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gene6 | g6_ftp_server | — | — |
No detection rules found.
Exploit-DB
Gene6 BPFTP FTP Server 2.0 - User Credentials Disclosure
exploitdb·2001-04-03
CVE-2001-0264 Gene6 BPFTP FTP Server 2.0 - User Credentials Disclosure
---
source: https://www.securityfocus.com/bid/2534/info
G6 FTP Server, now known as BPFTP Server, is an Internet FTP server by Gene6.
If a logged-in FTP user connects to an external share and submits a malformed 'size' or 'mdtm' command, the user could force the FTP server to make an external SMB connection.
To connect to the remote host, the FTP server must provide the login credentials of the user the server is running under. A password hash is sent across the external connection to the host. A third-party network utility could be listening for internal and external traffic and capture the password hash. The captured hash could be resolved into the username and password.
#!/usr/bin/perl
# G6-2nbt.pl - example G6 ft
Exploit-DB
Miva htmlscript 2.x - Directory Traversal
exploitdb·1998-01-26
CVE-1999-0264 Miva htmlscript 2.x - Directory Traversal
---
source: https://www.securityfocus.com/bid/2001/info
Miva's htmlscript CGI program provides a unique scripting language with HTML-type tags. (Note that htmlscript is an older product no longer distributed by Miva under that name.) Versions of the htmlscript interpreter (a CGI script) prior to 2.9932 are vulnerable to a file-reading directory traversal attack using relative paths (e.g., "../../../../../../etc/passwd"). An attacker need only append this path as a variable passed to the script via a URL. The contents of any file to which the web server process has read access can be retrieved using this method.
http://host/cgi-bin/htmlscript?../../../../../../../etc/somefile
No writeups or analysis indexed.
2001-06-18
Published