G.Rodola

Pyftpdlib

14 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2010-3494

  • EPSS 0.42%
  • Veröffentlicht 19.10.2010 20:00:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having...

4.3

CVE-2009-5011

  • EPSS 0.44%
  • Veröffentlicht 19.10.2010 20:00:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the getpeername function h...

4

CVE-2009-5012

  • EPSS 0.2%
  • Veröffentlicht 19.10.2010 20:00:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session.

4

CVE-2009-5013

  • EPSS 0.51%
  • Veröffentlicht 19.10.2010 20:00:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during a data transfer.

5

CVE-2007-6739

  • EPSS 0.6%
  • Veröffentlicht 19.10.2010 20:00:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command.

4

CVE-2007-6740

  • EPSS 0.51%
  • Veröffentlicht 19.10.2010 20:00:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command.

6.5

CVE-2007-6741

  • EPSS 0.61%
  • Veröffentlicht 19.10.2010 20:00:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authentic...

6.5

CVE-2008-7262

  • EPSS 0.55%
  • Veröffentlicht 19.10.2010 20:00:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.3.0 allow remote authenticated users to access arbitrary files and directories via vectors involving a symlink in a pathname to a (1) CWD, (2) DELE, (3) STOR, or (4) R...

7.5

CVE-2008-7263

  • EPSS 0.65%
  • Veröffentlicht 19.10.2010 20:00:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.

4

CVE-2008-7264

Exploit
  • EPSS 0.81%
  • Veröffentlicht 19.10.2010 20:00:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The ftp_QUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows remote authenticated users to cause a denial of service (file descriptor exhaustion and daemon outage) by sending a QUIT command during a disallowed data-transfer attempt.