CVE-2006-2407

Public exploit
Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string.
Max CVSS
7.5
EPSS Score
52.92%
Published
2006-05-16
Updated
2018-10-18
freeSSHd 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a SSH2_MSG_NEWKEYS packet to TCP port 22, which triggers a NULL pointer dereference.
Max CVSS
5.0
EPSS Score
5.34%
Published
2008-02-21
Updated
2018-10-15
Stack-based buffer overflow in SFTP in freeSSHd 1.2.1 allows remote authenticated users to execute arbitrary code via a long directory name in an SSH_FXP_OPENDIR (aka opendir) command.
Max CVSS
8.5
EPSS Score
8.85%
Published
2008-06-06
Updated
2018-10-11
Stack-based buffer overflow in freeSSHd 1.2.1 allows remote authenticated users to cause a denial of service (service crash) and potentially execute arbitrary code via a long argument to the (1) rename and (2) realpath parameters.
Max CVSS
9.0
EPSS Score
7.61%
Published
2008-10-28
Updated
2018-10-11
Multiple buffer overflows in freeSSHd 1.2.1 allow remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a long (1) open, (2) unlink, (3) mkdir, (4) rmdir, or (5) stat SFTP command.
Max CVSS
9.0
EPSS Score
2.22%
Published
2009-08-05
Updated
2018-10-11
Unspecified vulnerability in FreeSSHD 1.2.4 allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Max CVSS
5.0
EPSS Score
0.28%
Published
2009-09-24
Updated
2009-09-28

CVE-2012-6066

Public exploit
freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.
Max CVSS
9.3
EPSS Score
24.32%
Published
2012-12-04
Updated
2012-12-05
FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service allowing local users to launch processes with elevated privileges.
Max CVSS
7.8
EPSS Score
0.06%
Published
2018-01-24
Updated
2020-07-02
Insecure access control in freeSSHd version 1.3.1 allows attackers to obtain the privileges of the freesshd.exe process by leveraging the ability to login to an unprivileged account on the server.
Max CVSS
9.8
EPSS Score
0.26%
Published
2018-07-10
Updated
2019-10-03
A vulnerability was found in freeSSHd 1.0.9 on Windows. It has been classified as problematic. This affects an unknown part. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251547.
Max CVSS
7.5
EPSS Score
0.08%
Published
2024-01-19
Updated
2024-03-21
10 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!