CVE-2009-5010
- EPSS 1.04%
- Published 19.10.2010 20:00:02
- Last modified 11.04.2025 00:51:21
Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having...
CVE-2007-6736
- EPSS 0.34%
- Published 19.10.2010 20:00:01
- Last modified 11.04.2025 00:51:21
Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. (dot dot) in a (1) LIST, (2) STOR, or (3) RETR command.
CVE-2007-6737
- EPSS 0.54%
- Published 19.10.2010 20:00:01
- Last modified 11.04.2025 00:51:21
FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack.
- EPSS 0.25%
- Published 19.10.2010 20:00:01
- Last modified 11.04.2025 00:51:21
pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading th...