RSS   Vulnerabilities for 'Filezilla'   RSS

2007-04-26
 
CVE-2007-2318

 

 
Multiple format string vulnerabilities in FileZilla before 2.2.32 allow remote attackers to execute arbitrary code via format string specifiers in (1) FTP server responses or (2) data sent by an FTP server. NOTE: some of these details are obtained from third party information.

 
2007-01-17
 
CVE-2007-0317

 

 
Format string vulnerability in the LogMessage function in FileZilla before 3.0.0-beta5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted arguments. NOTE: some of these details are obtained from third party information.

 
 
CVE-2007-0315

CWE-119
 

 
Multiple buffer overflows in FileZilla before 2.2.30a allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors related to (1) Options.cpp when storing settings in the registry, and (2) the transfer queue (QueueCtrl.cpp). NOTE: some of these details are obtained from third party information.

 
2006-12-15
 
CVE-2006-6564

 

 
FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a malformed argument to the STOR command, which results in a NULL pointer dereference. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command.

 
2006-05-15
 
CVE-2006-2403

 

 
Buffer overflow in FileZilla before 2.2.23 allows remote attackers to execute arbitrary commands via unknown attack vectors.

 
2005-09-14
 
CVE-2005-2898

 

 
** DISPUTED ** NOTE: this issue has been disputed by the vendor. FileZilla 2.2.14b and 2.2.15, and possibly earlier versions, when "Use secure mode" is disabled, uses a weak encryption scheme to store the user's password in the configuration settings file, which allows local users to obtain sensitive information. NOTE: the vendor has disputed the issue, stating that "the problem is not a vulnerability at all, but in fact a fundamental issue of every single program that can store passwords transparently."

 

 >>> Vendor: Filezilla 3 Products
Filezilla server
Filezilla
Filezilla server terminal


Copyright 2024, cxsecurity.com

 

Back to Top