CVE-2007-1195
published 2007-03-02
Priority P3 | 40 | high | 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 4.98% (91.1th percentile)
Multiple buffer overflows in XM Easy Personal FTP Server 5.3.0 allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might overlap CVE-2006-2225, CVE-2006-2226, or CVE-2006-5728.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dxmsoft | xm_easy_personal_ftp_server | — | — |
| dxmsoft | xm_easy_personal_ftp_server | — | — |
| dxmsoft | xm_easy_personal_ftp_server | — | — |
No detection rules found.
Exploit-DB
XM Easy Personal FTP Server 5.30 - Remote Format String Write4
exploitdb·2012-06-14
---
#!/usr/bin/python
# XM Easy Personal FTP Server v 2
# (+) Choose your option:
# 1. use no authentication (anonymous is disabled)
# 2. use authentication (anonymous is enabled)
# --> 1
# (+) Connecting to the target 192.168.153.160:21
# (+) Seeding payload...
# (+) Triggering write4....
# (+) Connecting to the targets shell!
# Connection to 192.168.153.160 4444 port [tcp/*] succeeded!
# Microsoft Windows XP [Version 5.1.2600]
# (C) Copyright 1985-2001 Microsoft Corp.
#
# C:\Documents and Settings\steve>
#
# example exploitation against Windows Server 23k:
#
# mr_me@gliese:~/pentest/research/targets/xm$ ./poc_working.py 192.168.153.159
# -------------------------------------------------------------------------
# XM Easy Per
Exploit-DB
XM Easy Personal FTP Server 5.30 - 'ABOR' Format String Denial of Service
exploitdb·2007-02-28
---
#!/usr/bin/perl -w
#=========================================================================================================
# XM Easy Personal FTP Server 5.3.0 Multiple vulnerabilities
# By Umesh Wanve
#=========================================================================================================
#
# Vendor: http://www.dxm2008.com/
#
# Date: 28-02-2007
#
#
# 1) Multiple format string attacks. Every command is vulnerable.
# With only single % also the server crashes.
#
# 2) Multiple buffer overflow occurs in commands if we fuzz the server( Better way use ur own fuzzer)
#
#
# Code execution is possible.
# This is latest version of FTP server.
#
# ######################################################
No writeups or analysis indexed.
http://downloads.securityfocus.com/vulnerabilities/exploits/22747.pl
http://osvdb.org/33813
http://www.securityfocus.com/bid/22747
http://www.vupen.com/english/advisories/2007/0786
https://www.exploit-db.com/exploits/3385