Selom Ofori » Blackmoon Ftp Server : Security Vulnerabilities, CVEs,
BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, generates an "Account does not exist" error message when an invalid username is entered, which makes it easier for remote attackers to conduct brute force attacks.
Max CVSS
4.6
EPSS Score
0.20%
Published
2003-05-21
Updated
2016-10-18
BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, stores user names and passwords in plaintext in the blackmoon.mdb file, which can allow local users to gain privileges.
Max CVSS
4.6
EPSS Score
0.04%
Published
2003-05-20
Updated
2016-10-18
Buffer overflow in BlackMoon FTP Server 1.0 through 1.5 allows remote attackers to execute arbitrary code via a long argument to (1) USER, (2) PASS, or (3) CWD.
Max CVSS
7.5
EPSS Score
6.71%
Published
2002-03-25
Updated
2008-09-11
3 vulnerabilities found