RSS   Vulnerabilities for 'Freesshd'   RSS

2018-07-10
 
CVE-2018-9853

CWE-269
 

 
Insecure access control in freeSSHd version 1.3.1 allows attackers to obtain the privileges of the freesshd.exe process by leveraging the ability to login to an unprivileged account on the server.

 
2018-01-24
 
CVE-2017-1000475

CWE-428
 

 
FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service allowing local users to launch processes with elevated privileges.

 
2012-12-04
 
CVE-2012-6066

CWE-287
 

 
freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.

 
2009-09-24
 
CVE-2009-3340

CWE-noinfo
 

 
Unspecified vulnerability in FreeSSHD 1.2.4 allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

 
2009-08-05
 
CVE-2008-6899

CWE-119
 

 
Multiple buffer overflows in freeSSHd 1.2.1 allow remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a long (1) open, (2) unlink, (3) mkdir, (4) rmdir, or (5) stat SFTP command.

 
2008-10-27
 
CVE-2008-4762

CWE-119
 

 
Stack-based buffer overflow in freeSSHd 1.2.1 allows remote authenticated users to cause a denial of service (service crash) and potentially execute arbitrary code via a long argument to the (1) rename and (2) realpath parameters.

 
2008-06-06
 
CVE-2008-2573

CWE-119
 

 
Stack-based buffer overflow in SFTP in freeSSHd 1.2.1 allows remote authenticated users to execute arbitrary code via a long directory name in an SSH_FXP_OPENDIR (aka opendir) command.

 
2008-02-20
 
CVE-2008-0852

CWE-Other
 

 
freeSSHd 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a SSH2_MSG_NEWKEYS packet to TCP port 22, which triggers a NULL pointer dereference.

 
2006-05-16
 
CVE-2006-2407

CWE-119
 

 
Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string.

 

 >>> Vendor: Freesshd 2 Products
Freeftpd
Freesshd


Copyright 2024, cxsecurity.com

 

Back to Top