freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted SIZE command (this is exploitable even if logging is disabled).
Max CVSS
8.8
EPSS Score
0.10%
Published
2019-12-03
Updated
2019-12-12
freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to bypass authentication via a crafted SFTP session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.
Max CVSS
10.0
EPSS Score
0.31%
Published
2012-12-04
Updated
2012-12-05
CVE-2006-2407
Public exploit
Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string.
Max CVSS
7.5
EPSS Score
59.49%
Published
2006-05-16
Updated
2018-10-18
freeFTPd 1.0.10 allows remote authenticated users to cause a denial of service (null dereference and crash) via a PORT command with missing arguments.
Max CVSS
6.8
EPSS Score
1.69%
Published
2005-11-26
Updated
2018-10-19
Multiple buffer overflows in freeFTPd 1.0.8, without logging enabled, allow remote authenticated attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via long (1) MKD and (2) DELE commands.
Max CVSS
7.5
EPSS Score
6.00%
Published
2005-11-19
Updated
2017-07-11
CVE-2005-3683
Public exploit
Stack-based buffer overflow in freeFTPd before 1.0.9 with Logging enabled, allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a long USER command.
Max CVSS
7.5
EPSS Score
70.85%
Published
2005-11-19
Updated
2017-07-11
6 vulnerabilities found