RSS   Vulnerabilities for 'Pyftpd'   RSS

2010-06-16
 
CVE-2010-2073

CWE-255
 

 
auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, (2) user, and (3) roxon accounts, which allows remote attackers to read arbitrary files from the FTP server.

 
 
CVE-2010-2072

CWE-310
 

 
Pyftpd 0.8.4 creates log files with predictable names in a temporary directory, which allows local users to cause a denial of service and obtain sensitive information.

 


Copyright 2024, cxsecurity.com

 

Back to Top