ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.
Max CVSS
7.5
EPSS Score
0.33%
Published
2010-10-19
Updated
2010-10-20
Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.3.0 allow remote authenticated users to access arbitrary files and directories via vectors involving a symlink in a pathname to a (1) CWD, (2) DELE, (3) STOR, or (4) RETR command.
Max CVSS
6.5
EPSS Score
0.18%
Published
2010-10-19
Updated
2010-10-20
The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via crafted FTP data, as demonstrated by an FTP bounce attack against a NAT server, a related issue to CVE-1999-0017.
Max CVSS
6.5
EPSS Score
0.24%
Published
2010-10-19
Updated
2010-10-20
FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack.
Max CVSS
7.5
EPSS Score
0.33%
Published
2010-10-19
Updated
2010-10-20
Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. (dot dot) in a (1) LIST, (2) STOR, or (3) RETR command.
Max CVSS
6.5
EPSS Score
0.21%
Published
2010-10-19
Updated
2010-10-20
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!