CVE-2004-2082
Published: 2004-02-13
Priority: P4 · 18 · medium · 5 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 7.00% (93.4th percentile)
The samiftp.dll library in Sami FTP Server 1.1.3 allows remote authenticated users to cause a denial of service (pmsystem.exe crash) via a GET request with a large number of leading "/" (slash) characters.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| karjasoft | sami_ftp_server | — | — |
No detection rules found.
Exploit-DB
cPanel 5/6/7/8/9 - Login Script Remote Command Execution
exploitdb·2004-03-12·CVE-2004-1770
---
source: https://www.securityfocus.com/bid/9855/info
A potential remote command execution vulnerability has been discovered in the cPanel application. This issue occurs due to insufficient sanitization of externally supplied data to the login script. An attacker may exploit this problem by crafting a malicious URI request for the affected script; the attacker may then supply shell metacharacters and arbitrary commands as a value for the affected variable.
http://www.example.com.com:2082/login/?user=|"`id`"|
Exploit-DB
cPanel 5/6/7/8/9 - 'dir' Cross-Site Scripting
exploitdb·2004-03-12·CVE-2004-2308
---
source: https://www.securityfocus.com/bid/9853/info
It has been reported that cPanel may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a user's browser. The issue presents itself due to insufficient sanitization of user-supplied data via the 'dir' parameter of the 'dohtaccess.html' page. The victim may need to be authenticated with valid credentials to be exposed to exploitation.
Due to the possibility of attacker-specified HTML and script code being rendered in a victim's browser, it is possible to steal cookie-based authentication credentials from that user. Other attacks are possible as well.
http://www.example.com:2082/frontend/x/htaccess/dohtaccess.html?dir=>aler
Exploit-DB
cPanel 5/6/7/8/9 - Resetpass Remote Command Execution
exploitdb·2004-03-11·CVE-2004-1769
---
source: https://www.securityfocus.com/bid/9848/info
A potential remote command execution vulnerability has been discovered in the cPanel Application. This issue occurs due to insufficient sanitization of externally supplied data to the script that handles resetting user passwords.
An attacker may exploit this problem by crafting a malicious URI request for the affected script; the attacker may then supply shell metacharacters and arbitrary commands as a value for the affected variable.
http://www.example.com:2082/resetpass/?user=|">ls"|
Exploit-DB
Sami FTP Server 1.1.3 - Library Crafted GET Remote Denial of Service
exploitdb·2004-02-13·CVE-2004-2082
---
source: https://www.securityfocus.com/bid/9657/info
Sami FTP Server has been reported prone to multiple remote denial of service vulnerabilities. It has been reported that an attacker who has sufficient credentials to access a vulnerable server may cause the pmsystem.exe executable to raise a fatal exception by making unexpected FTP requests.
get
No writeups or analysis indexed.
http://www.karja.com/samiftp/news.html
http://www.securityfocus.com/archive/1/353753
http://www.securityfocus.com/bid/9657
https://exchange.xforce.ibmcloud.com/vulnerabilities/15204