CVE-2011-0507
Published 2011-01-20
CVE-2011-0507: FTPService.exe in Blackmoon FTP 3.1 Build 1735 and Build 1736 (3.1.7.1736), and possibly other versions before 3.1.8.1737, allows remote attackers to cause a…
Priority P422 · medium · 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 4.92% (91.0th percentile)
FTPService.exe in Blackmoon FTP 3.1 Build 1735 and Build 1736 (3.1.7.1736), and possibly other versions before 3.1.8.1737, allows remote attackers to cause a denial of service (crash) via a large number of PORT commands with long arguments, which triggers a NULL pointer dereference. NOTE: some of these details are obtained from third party information.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| blackmoonftpserver | blackmoon_ftp_server | — | — |
| blackmoonftpserver | blackmoon_ftp_server | — | — |
| blackmoonftpserver | blackmoon_ftp_server | — | — |
CVSS provenance
nvd · v2.0 · 4.3 · MEDIUM · AV:N/AC:M/Au:N/C:N/I:N/A:P
vendor_redhat · 3.6 · LOW
GHSA
GHSA-c6fr-x99h-2jv7: FTPService
ghsa_unreviewed·2022-05-17
CVE-2011-0507 [MEDIUM] GHSA-c6fr-x99h-2jv7: FTPService
Red Hat
OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299)
vendor_redhat·2012-02-14·CVSS 3.6
CVE-2011-3571 [LOW] OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299)
Unspecified vulnerability in the Virtual Desktop Infrastructure (VDI) component in Oracle Virtualization 3.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Session. NOTE: this CVE identifier was accidentally used for a Concurrency issue in Java Runtime Environment, but that issue has been reassigned to CVE-2012-0507.
Package: java-1.6.0-sun (Red Hat Enterprise Linux 4) - Affected
No detection rules found.
No writeups or analysis indexed.
http://osvdb.org/70452
http://secunia.com/advisories/42933
http://www.exploit-db.com/exploits/15986
http://www.securityfocus.com/bid/45814
https://exchange.xforce.ibmcloud.com/vulnerabilities/64696