Ftpshell Server vulnerabilities
5 known vulnerabilities affecting ftpshell/ftpshell_server.
Total CVEs: 5
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 1, LOW 1
Vulnerabilities
CVE-2009-0349 | P3 | CRITICAL | CVSS 9.3 | CWE-119 | PoC | v4.3 | 2009-01-29
Stack-based buffer overflow in FTPShell Server 4.3 allows user-assisted remote attackers to cause a denial of service (persistent daemon crash) and possibly execute arbitrary code via a long string in a licensing key (aka .key) file.
nvd
CVE-2019-25619 | P3 | HIGH | CVSS 7.8 | CWE-787 | v6.83 | 2026-03-22
FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inject shellcode through the account name parameter in the Manage FTP Accounts dialog to overwrite the return address and execute calc.exe or other commands
nvd
CVE-2020-18077 | P4 | HIGH | CVSS 7.5 | CWE-120 | v6.83 | 2021-12-17
A buffer overflow vulnerability in the Virtual Path Mapping component of FTPShell v6.83 allows attackers to cause a denial of service (DoS).
nvd
CVE-2005-2426 | P4 | LOW | CVSS 2.1 | PoC | v3.38 | 2005-08-03
FTPshell Server 3.38 allows remote authenticated users to cause a denial of service (application crash) by multiple connections and disconnections without using the QUIT command.
nvd
CVE-2018-25226 | P4 | MEDIUM | CVSS 5.5 | CWE-787 | v6.83 | 2026-03-30
FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the account name field. Attackers can trigger a denial of service by pasting a 417-byte payload into the 'Account name to ban' parameter within the Manage FTP Accounts interface.
nvd