CVE-2024-0737
Published: 2024-01-19
Priority: P3 · 54 · high · CVSS 3.1 base score: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploit: public
EPSS: 4.20% (89.7th percentile)
A vulnerability classified as problematic was found in Xlightftpd Xlight FTP Server 1.1. This vulnerability affects unknown code of the component Login. The manipulation of the argument user leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251560.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xlightftpd | xlight_ftp_server | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Suricata
GPL WEB_SERVER viewcode access (CVE-1999-0737) · suricata · 2010-09-23
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"GPL WEB_SERVER viewcode access"; flow:established,to_server; http.uri; content:"/viewcode"; reference:cve,1999-0737; reference:nessus,10576; reference:nessus,12048; classtype:web-application-attack; sid:2101403; rev:13; metadata:created_at 2010_09_23, cve CVE_1999_0737, signature_severity Unknown, updated_at 2024_03_08;)
Note: this rule references cve,1999-0737 and matches an HTTP URI containing "/viewcode"; it is not a detection for the Xlight FTP Server login denial of service tracked as CVE-2024-0737.
Wiz
CVE-2019-25681: Impact, Exploitability, and Mitigation Steps | Wiz · blogs_wiz · CVSS 6.5 · MEDIUM
## CVE-2019-25681: Xlight FTP Server vulnerability analysis and mitigation
Xlight FTP Server 3.9.1 contains a structured exception handler (SEH) overwrite vulnerability that allows local attackers to crash the application and overwrite SEH pointers by supplying a crafted buffer string. Attackers can inject a 428-byte payload through the program execution field in virtual server configuration to trigger a buffer overflow that corrupts the SEH chain and enables potential code execution.
Source: NVD
Score: 8.6
Published: April 5, 2026
Severity: HIGH
CNA Score: 8.6
Affected Technologies: Xlight FTP Server
Has Public Exploit: Yes
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 2.3
Exploitation Probability (EPSS):
Wiz
CVE-2023-53886: Impact, Exploitability, and Mitigation Steps | Wiz · blogs_wiz · CVSS 6.8 · MEDIUM
## CVE-2023-53886: Xlight FTP Server vulnerability analysis and mitigation
Xlight FTP Server 3.9.3.6 contains a stack buffer overflow vulnerability in the 'Execute Program' configuration that allows attackers to crash the application. Attackers can trigger the vulnerability by inserting 294 characters into the program execution configuration, causing a denial of service condition.
Source: NVD
Score: 5.1
Published: December 15, 2025
Severity: MEDIUM
CNA Score: 5.1
Affected Technologies: Xlight FTP Server
Has Public Exploit: Yes
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 21.5
Exploitation Probability (EPSS): 0.1
Affected packages and libraries: cpe:2.3:a:xlightftpd:xlight_ftp_server
Published: 2024-01-19