Filezilla-Project Filezilla Client vulnerabilities

CVE-2019-25683 [MEDIUM] CWE-532 CVE-2019-25683: FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that a FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed path string. Attackers can trigger the crash by entering a crafted path containing 384 'A' characters followed by 'BBBB' and 'CCCC' sequences in the search directory field and ini

CVE-2023-53959 [HIGH] CWE-427 CVE-2023-53959: FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute mali FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the application directory. Attackers can generate a reverse shell payload using msfvenom and replace the missing DLL to achieve remote code execution when the application launches.

CVE-2024-31497 [MEDIUM] CWE-338 CVE-2024-31497: In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly rea

CVE-2023-48795 [MEDIUM] CWE-354 CVE-2023-48795: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other pr The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgr

CVE-2016-15003 [HIGH] CWE-428 CVE-2016-15003: A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vuln A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\Program Files\FileZilla FTP Client\uninstall.exe of the component Installer. The manipulation leads to unquoted search path. The attack can be initiated remotely. The exploit has been disclosed to the public

CVE-2022-29620 [MEDIUM] CWE-312 CVE-2022-29620: FileZilla v3.59.0 allows attackers to obtain cleartext passwords of connected SSH or FTP servers via FileZilla v3.59.0 allows attackers to obtain cleartext passwords of connected SSH or FTP servers via a memory dump.- NOTE: the vendor does not consider this a vulnerability

CVE-2019-5429 [HIGH] CWE-426 CVE-2019-5429: Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a mal Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory.