The default installation of Fastream NETFile FTP/Web Server 7.4.6, which supports FXP, does not require that the IP address in a PORT command be the same as the IP of the logged in user, which allows remote attackers to conduct FTP Bounce attacks to bypass firewall rules or cause a denial of service.
Max CVSS
7.5
EPSS Score
0.72%
Published
2005-05-18
Updated
2011-03-08
Fastream NETFile Server 7.1.2 does not properly handle keep-alive connection timeouts and does not close the connection after a HEAD request, which allows remote attackers to perform a denial of service (connection consumption) by sending a large number HTTP HEAD requests.
Max CVSS
7.8
EPSS Score
9.09%
Published
2004-12-31
Updated
2017-07-11
Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to cause a denial of service via a username that does not exist.
Max CVSS
5.0
EPSS Score
4.01%
Published
2004-04-19
Updated
2017-07-11
Fastream NETFile FTP Server 6.7.2.1085 and earlier allows remote attackers to cause a denial of service (temporary hang) via the cd command with an unusual argument, possibly due to multiple leading slashes and/or an access to the floppy drive ("A").
Max CVSS
5.0
EPSS Score
0.33%
Published
2004-08-06
Updated
2017-07-11
Directory traversal vulnerability in Fastream NETFile FTP/Web Server 6.7.2.1085 and earlier allows remote attackers to create or delete arbitrary files via .. (dot dot) and // (double slash) sequences in the filename parameter.
Max CVSS
10.0
EPSS Score
2.80%
Published
2004-08-06
Updated
2017-07-11
FaSTream FTP++ Server 2.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long username.
Max CVSS
7.5
EPSS Score
0.49%
Published
2001-06-02
Updated
2017-12-19
FaSTream FTP++ Server 2.0 allows remote attackers to list arbitrary directories by using the "ls" command and including the drive letter name (e.g. C:) in the requested pathname.
Max CVSS
5.0
EPSS Score
2.22%
Published
2001-06-02
Updated
2017-12-19
FaSTream FTP++ Server 2.0 allows remote attackers to obtain the real pathname of the server via the "pwd" command.
Max CVSS
5.0
EPSS Score
0.95%
Published
2001-06-02
Updated
2016-10-18
Fastream FUR HTTP server 1.0b allows remote attackers to cause a denial of service via a long GET request.
Max CVSS
5.0
EPSS Score
0.29%
Published
2000-11-14
Updated
2017-10-10
Buffer overflow in Fastream FTP++ 2.0 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long username.
Max CVSS
7.5
EPSS Score
0.22%
Published
2000-11-14
Updated
2008-09-05
10 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!