Vulnerability Details : CVE-2008-5626
Public exploit exists!
XM Easy Personal FTP Server 5.6.0 allows remote authenticated users to cause a denial of service via a crafted argument to the NLST command, as demonstrated by a -1 argument.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2008-5626
Probability of exploitation activity in the next 30 days: 95.71%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2008-5626
-
XM Easy Personal FTP Server 5.6.0 NLST DoS
Disclosure Date: 2008-10-13First seen: 2020-04-26auxiliary/dos/windows/ftp/xmeasy560_nlstThis module is a port of shinnai's script. You need a valid login, but even anonymous can do it as long as it has permission to call NLST. Authors: - kris katterjohn <katterjohn@gmail.com> -
XM Easy Personal FTP Server 5.7.0 NLST DoS
Disclosure Date: 2009-03-27First seen: 2020-04-26auxiliary/dos/windows/ftp/xmeasy570_nlstYou need a valid login to DoS this FTP server, but even anonymous can do it as long as it has permission to call NLST. Authors: - kris katterjohn <katterjohn@gmail.com>
CVSS scores for CVE-2008-5626
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
8.0
|
2.9
|
NIST |
CWE ids for CVE-2008-5626
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-5626
-
https://www.exploit-db.com/exploits/6741
XM Easy Personal FTP Server 5.6.0 - Remote Denial of Service - Windows dos Exploit
-
http://www.securityfocus.com/bid/31739
Exploit
-
http://www.vupen.com/english/advisories/2008/2803
-
http://securityreason.com/securityalert/4766
Products affected by CVE-2008-5626
- cpe:2.3:a:dxmsoft:xm_easy_personal_ftp_server:5.6.0:*:*:*:*:*:*:*