Search criteria
42 vulnerabilities found for pyftpdlib by g.rodola
FKIE_CVE-2010-3494
Vulnerability from fkie_nvd - Published: 2010-10-19 20:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "024B769C-54ED-4228-8CE8-4DABCDCF4171",
"versionEndIncluding": "0.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB3D49FE-C51B-49E8-895E-AD4C4E138425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B112CF-87F7-4A6A-9D75-AD6A577FB979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73F985FF-9073-42E5-8651-7A440C1453E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA58DF28-E4B7-4BD6-B77C-56521DE0CE4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63AAA8E0-D608-45CD-B46C-C8936607E525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C18591C-4D31-476F-BBC9-065E4C1A207D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492."
},
{
"lang": "es",
"value": "Condici\u00f3n de carrera en la clase FTPHandler en ftpserver.py en pyftpdlib anterior a v0.5.2, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de demonio) estableciendo e inmediatamente cerrando una conexi\u00f3n TCP, permitiendo aceptar la funci\u00f3n teniendo un valor \"None\" no esperado para la direcci\u00f3n, o un error EWOULDBLOCK. Relacionado con CVE-2010-3492."
}
],
"id": "CVE-2010-3494",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-10-19T20:00:04.330",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://bugs.python.org/issue6706"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=104"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=105"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=556"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn556\u0026r=556\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2010/09/09/6"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2010/09/11/2"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2010/09/22/3"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2010/09/24/3"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.launchpad.net/zodb/+bug/135108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://bugs.python.org/issue6706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=556"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn556\u0026r=556\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/09/09/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/09/11/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/09/22/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/09/24/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/zodb/+bug/135108"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-5012
Vulnerability from fkie_nvd - Published: 2010-10-19 20:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "024B769C-54ED-4228-8CE8-4DABCDCF4171",
"versionEndIncluding": "0.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB3D49FE-C51B-49E8-895E-AD4C4E138425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B112CF-87F7-4A6A-9D75-AD6A577FB979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73F985FF-9073-42E5-8651-7A440C1453E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA58DF28-E4B7-4BD6-B77C-56521DE0CE4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63AAA8E0-D608-45CD-B46C-C8936607E525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C18591C-4D31-476F-BBC9-065E4C1A207D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session."
},
{
"lang": "es",
"value": "ftpserver.py en pyftpdlib anterior a v0.5.2 no necesita permisos para el comando MLST, que permite a usuarios autenticados remotamente evitar restricciones de acceso intencionadas y listar el contenido del directorio root a trav\u00e9s de una sesi\u00f3n FTP."
}
],
"id": "CVE-2009-5012",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-10-19T20:00:03.050",
"references": [
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=114"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=596"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn596\u0026r=596\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn596\u0026r=596\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-5013
Vulnerability from fkie_nvd - Published: 2010-10-19 20:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during a data transfer.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "024B769C-54ED-4228-8CE8-4DABCDCF4171",
"versionEndIncluding": "0.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB3D49FE-C51B-49E8-895E-AD4C4E138425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B112CF-87F7-4A6A-9D75-AD6A577FB979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73F985FF-9073-42E5-8651-7A440C1453E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA58DF28-E4B7-4BD6-B77C-56521DE0CE4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63AAA8E0-D608-45CD-B46C-C8936607E525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C18591C-4D31-476F-BBC9-065E4C1A207D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during a data transfer."
},
{
"lang": "es",
"value": "Fuga de memoria en la funci\u00f3n on_dtp_close en ftpserver.py en pyftpdlib anterior a v0.5.2 permite a usuarios autenticados remotamente provocar una denegaci\u00f3n de servicio (consumo de memoria) mediante el env\u00edo del comando QUIT mediante una transferencia de datos."
}
],
"id": "CVE-2009-5013",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-10-19T20:00:03.097",
"references": [
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=119"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=615"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn615\u0026r=615\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn615\u0026r=615\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-5011
Vulnerability from fkie_nvd - Published: 2010-10-19 20:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the getpeername function having an ENOTCONN error, a different vulnerability than CVE-2010-3494.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "024B769C-54ED-4228-8CE8-4DABCDCF4171",
"versionEndIncluding": "0.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB3D49FE-C51B-49E8-895E-AD4C4E138425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B112CF-87F7-4A6A-9D75-AD6A577FB979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73F985FF-9073-42E5-8651-7A440C1453E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA58DF28-E4B7-4BD6-B77C-56521DE0CE4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63AAA8E0-D608-45CD-B46C-C8936607E525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C18591C-4D31-476F-BBC9-065E4C1A207D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the getpeername function having an ENOTCONN error, a different vulnerability than CVE-2010-3494."
},
{
"lang": "es",
"value": "Condici\u00f3n de carrera en la clase FTPHandler en ftpserver.py en pyftpdlib anterior a v0.5.2, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de demonio) estableciendo e inmediatamente cerrando una conexi\u00f3n TCP, permitiendo a la funci\u00f3n \"getpeername\" que tenga un error ENOTCONN. Vector distinto de CVE-2010-3494."
}
],
"id": "CVE-2009-5011",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-10-19T20:00:03.017",
"references": [
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=100"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=543"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn543\u0026r=543\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=543"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn543\u0026r=543\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-6739
Vulnerability from fkie_nvd - Published: 2010-10-19 20:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "807615BB-C28B-462D-B0C7-4950E31B0CC6",
"versionEndIncluding": "0.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB3D49FE-C51B-49E8-895E-AD4C4E138425",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command."
},
{
"lang": "es",
"value": "FTPServer.py en pyftpdlib anterior a 0.2.0 permite a atacantes remotos generar una denegaci\u00f3n de servicio mediante un comando largo."
}
],
"id": "CVE-2007-6739",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-10-19T20:00:02.253",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=3"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=20"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn20\u0026r=20\u0026format=side\u0026path=/trunk/pyftpdlib/FTPServer.py"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn20\u0026r=20\u0026format=side\u0026path=/trunk/pyftpdlib/FTPServer.py"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-5010
Vulnerability from fkie_nvd - Published: 2010-10-19 20:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, a different vulnerability than CVE-2010-3494.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5443E1F4-F425-4232-9707-ABC45DA93719",
"versionEndIncluding": "0.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB3D49FE-C51B-49E8-895E-AD4C4E138425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B112CF-87F7-4A6A-9D75-AD6A577FB979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73F985FF-9073-42E5-8651-7A440C1453E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA58DF28-E4B7-4BD6-B77C-56521DE0CE4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63AAA8E0-D608-45CD-B46C-C8936607E525",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, a different vulnerability than CVE-2010-3494."
},
{
"lang": "es",
"value": "Condici\u00f3n de carrera en la clase FTPHandler en ftpserver.py de pyftpdlib anterior a v0.5.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) estableciendo y cerrando inmediatamente una conexi\u00f3n TCP, provocando que la funci\u00f3n Accept tenga un valor de retorno no esperado de None. Una vulnerabilidad diferente de CVE-2010-3494"
}
],
"id": "CVE-2009-5010",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-10-19T20:00:02.957",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://bugs.python.org/issue6706"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=91"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=439"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn439\u0026r=439\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2010/09/09/6"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2010/09/11/2"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2010/09/22/3"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2010/09/24/3"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.launchpad.net/zodb/+bug/135108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://bugs.python.org/issue6706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=91"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=439"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn439\u0026r=439\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/09/09/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/09/11/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/09/22/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/09/24/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/zodb/+bug/135108"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-7264
Vulnerability from fkie_nvd - Published: 2010-10-19 20:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
The ftp_QUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows remote authenticated users to cause a denial of service (file descriptor exhaustion and daemon outage) by sending a QUIT command during a disallowed data-transfer attempt.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04A5ED3F-BCE7-43BD-A118-475704774463",
"versionEndIncluding": "0.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB3D49FE-C51B-49E8-895E-AD4C4E138425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B112CF-87F7-4A6A-9D75-AD6A577FB979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73F985FF-9073-42E5-8651-7A440C1453E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA58DF28-E4B7-4BD6-B77C-56521DE0CE4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ftp_QUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows remote authenticated users to cause a denial of service (file descriptor exhaustion and daemon outage) by sending a QUIT command during a disallowed data-transfer attempt."
},
{
"lang": "es",
"value": "La funci\u00f3n ftp_QUIT en ftpserver.py en pyftpdlib anterior a v0.5.0 permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (agotamiento de descriptor de fichero y agotamiento del demonio) mediante el env\u00edo de un comando QUIT durante un intento de transferencia de datos no permitido."
}
],
"id": "CVE-2008-7264",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-10-19T20:00:02.720",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=71"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=344"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn344\u0026r=344\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=71"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=344"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn344\u0026r=344\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-7263
Vulnerability from fkie_nvd - Published: 2010-10-19 20:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04A5ED3F-BCE7-43BD-A118-475704774463",
"versionEndIncluding": "0.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB3D49FE-C51B-49E8-895E-AD4C4E138425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B112CF-87F7-4A6A-9D75-AD6A577FB979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73F985FF-9073-42E5-8651-7A440C1453E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA58DF28-E4B7-4BD6-B77C-56521DE0CE4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack."
},
{
"lang": "es",
"value": "ftpserver.py en pyftpdlib anterior a v0.5.0 no retrasa su respuesta despu\u00e9s de recibir un intento de login no v\u00e1lido, lo cual produce que sea m\u00e1s f\u00e1cil para los atacantes remotos obtener acceso a trav\u00e9s de un ataque de fuerza bruta."
}
],
"id": "CVE-2008-7263",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-10-19T20:00:02.690",
"references": [
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=73"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=348"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn348\u0026r=348\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=73"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn348\u0026r=348\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-6740
Vulnerability from fkie_nvd - Published: 2010-10-19 20:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "807615BB-C28B-462D-B0C7-4950E31B0CC6",
"versionEndIncluding": "0.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB3D49FE-C51B-49E8-895E-AD4C4E138425",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command."
},
{
"lang": "es",
"value": "La funci\u00f3n ftp_STOU de FTPServer.py en pyftpdlib anterior a v0.2.0 no limita el n\u00famero de intentos para descubrir un nombre de archivo \u00fanico, lo que permite a usuarios autenticados remotamente provocar una denegaci\u00f3n de servicio a trav\u00e9s del comando STOU."
}
],
"id": "CVE-2007-6740",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-10-19T20:00:02.360",
"references": [
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=25"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=37"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn37\u0026r=37\u0026format=side\u0026path=/trunk/pyftpdlib/FTPServer.py"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=37"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn37\u0026r=37\u0026format=side\u0026path=/trunk/pyftpdlib/FTPServer.py"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-7262
Vulnerability from fkie_nvd - Published: 2010-10-19 20:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.3.0 allow remote authenticated users to access arbitrary files and directories via vectors involving a symlink in a pathname to a (1) CWD, (2) DELE, (3) STOR, or (4) RETR command.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3E3FA8-B97C-4878-B072-F5A9FC62E3E6",
"versionEndIncluding": "0.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB3D49FE-C51B-49E8-895E-AD4C4E138425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B112CF-87F7-4A6A-9D75-AD6A577FB979",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.3.0 allow remote authenticated users to access arbitrary files and directories via vectors involving a symlink in a pathname to a (1) CWD, (2) DELE, (3) STOR, or (4) RETR command."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en FTPServer.py en pyftpdlib anterior a v0.3.0 permite a atacantes autenticados acceder a ficheros arbitrarios y directorios a trav\u00e9s de vectores que involucran un enlace simb\u00f3lico en una ruta de acceso a un comando (1) CWD, (2) DELE, (3) STOR, o (4) RETR."
}
],
"id": "CVE-2008-7262",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-10-19T20:00:02.643",
"references": [
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=55"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=55"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-6741
Vulnerability from fkie_nvd - Published: 2010-10-19 20:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via crafted FTP data, as demonstrated by an FTP bounce attack against a NAT server, a related issue to CVE-1999-0017.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "807615BB-C28B-462D-B0C7-4950E31B0CC6",
"versionEndIncluding": "0.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB3D49FE-C51B-49E8-895E-AD4C4E138425",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via crafted FTP data, as demonstrated by an FTP bounce attack against a NAT server, a related issue to CVE-1999-0017."
},
{
"lang": "es",
"value": "La funci\u00f3n ftp_PORT en FTPSErver.py en pyftpdlib anterior a v0.2.0 no previene conexiones TCP de puertos privilegiados si la direcci\u00f3n IP de destino compara el c\u00f3digo de la direcci\u00f3n IP de origen de clientes FTP, que deber\u00eda permitir autenticaci\u00f3n de usuarios remotos dirigir un ataque \"FTP bounce\" a trav\u00e9s de datos FTP manipulados, como qued\u00f3 demotrado en el ataque \"FTP bound\" contra el servidor NAT, tema relacionado con CVE-1999-0017."
}
],
"id": "CVE-2007-6741",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-10-19T20:00:02.580",
"references": [
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=11"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=32"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn32\u0026r=32\u0026format=side\u0026path=/trunk/pyftpdlib/FTPServer.py"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn32\u0026r=32\u0026format=side\u0026path=/trunk/pyftpdlib/FTPServer.py"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-6738
Vulnerability from fkie_nvd - Published: 2010-10-19 20:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEEB68EB-94B6-48DE-80DD-D68AA801E54C",
"versionEndIncluding": "0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command."
},
{
"lang": "es",
"value": "pyftpdlib anterior a v0.1.1 no elige un valor aleatorio para el puerto asociado con el comando PASV, lo que hace que sea m\u00e1s f\u00e1cil para atacantes remotos obtener informaci\u00f3n sensible sobre el n\u00famero de conexiones en curso de datos mediante la lectura de la respuesta a este comando."
}
],
"id": "CVE-2007-6738",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-10-19T20:00:01.923",
"references": [
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-6736
Vulnerability from fkie_nvd - Published: 2010-10-19 20:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. (dot dot) in a (1) LIST, (2) STOR, or (3) RETR command.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "807615BB-C28B-462D-B0C7-4950E31B0CC6",
"versionEndIncluding": "0.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB3D49FE-C51B-49E8-895E-AD4C4E138425",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. (dot dot) in a (1) LIST, (2) STOR, or (3) RETR command."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en FTPServer.py en pyftpdlib anterior a v0.2.0 permite a usuarios autenticados acceder a ficheros y directorios arbitrarios mediante .. (punto punto) en un comando (1) LIST, (2) STOR, o (3) RETR"
}
],
"id": "CVE-2007-6736",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-10-19T20:00:01.487",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=9"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=16"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn16\u0026r=16\u0026format=side\u0026path=/trunk/pyftpdlib/FTPServer.py"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn16\u0026r=16\u0026format=side\u0026path=/trunk/pyftpdlib/FTPServer.py"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-6737
Vulnerability from fkie_nvd - Published: 2010-10-19 20:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "807615BB-C28B-462D-B0C7-4950E31B0CC6",
"versionEndIncluding": "0.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB3D49FE-C51B-49E8-895E-AD4C4E138425",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack."
},
{
"lang": "es",
"value": "FTPServer.py en pyftpdlib anterior a v0.2.0 no incrementa el contador attempted_logins para un comando USER que especifica un nombre de usuario inv\u00e1lido, lo cual da lugar a que sea m\u00e1s f\u00e1cil para los atacantes remotos obtener acceso a trav\u00e9s de un ataque de fuerza bruta."
}
],
"id": "CVE-2007-6737",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-10-19T20:00:01.707",
"references": [
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=20"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=23"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn23\u0026r=23\u0026format=side\u0026path=/trunk/pyftpdlib/FTPServer.py"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn23\u0026r=23\u0026format=side\u0026path=/trunk/pyftpdlib/FTPServer.py"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2007-6737 (GCVE-0-2007-6737)
Vulnerability from cvelistv5 – Published: 2010-10-19 19:00 – Updated: 2024-09-17 01:01
VLAI?
Summary
FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=20"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn23\u0026r=23\u0026format=side\u0026path=/trunk/pyftpdlib/FTPServer.py"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=23"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-19T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=20"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn23\u0026r=23\u0026format=side\u0026path=/trunk/pyftpdlib/FTPServer.py"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=23"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"name": "http://code.google.com/p/pyftpdlib/issues/detail?id=20",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=20"
},
{
"name": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn23\u0026r=23\u0026format=side\u0026path=/trunk/pyftpdlib/FTPServer.py",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn23\u0026r=23\u0026format=side\u0026path=/trunk/pyftpdlib/FTPServer.py"
},
{
"name": "http://code.google.com/p/pyftpdlib/source/detail?r=23",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=23"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6737",
"datePublished": "2010-10-19T19:00:00Z",
"dateReserved": "2010-10-19T00:00:00Z",
"dateUpdated": "2024-09-17T01:01:07.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7262 (GCVE-0-2008-7262)
Vulnerability from cvelistv5 – Published: 2010-10-19 19:00 – Updated: 2024-09-17 01:36
VLAI?
Summary
Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.3.0 allow remote authenticated users to access arbitrary files and directories via vectors involving a symlink in a pathname to a (1) CWD, (2) DELE, (3) STOR, or (4) RETR command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=55"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.3.0 allow remote authenticated users to access arbitrary files and directories via vectors involving a symlink in a pathname to a (1) CWD, (2) DELE, (3) STOR, or (4) RETR command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-19T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=55"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.3.0 allow remote authenticated users to access arbitrary files and directories via vectors involving a symlink in a pathname to a (1) CWD, (2) DELE, (3) STOR, or (4) RETR command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"name": "http://code.google.com/p/pyftpdlib/issues/detail?id=55",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=55"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7262",
"datePublished": "2010-10-19T19:00:00Z",
"dateReserved": "2010-10-19T00:00:00Z",
"dateUpdated": "2024-09-17T01:36:13.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6738 (GCVE-0-2007-6738)
Vulnerability from cvelistv5 – Published: 2010-10-19 19:00 – Updated: 2024-09-16 22:09
VLAI?
Summary
pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-19T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6738",
"datePublished": "2010-10-19T19:00:00Z",
"dateReserved": "2010-10-19T00:00:00Z",
"dateUpdated": "2024-09-16T22:09:55.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3494 (GCVE-0-2010-3494)
Vulnerability from cvelistv5 – Published: 2010-10-19 19:00 – Updated: 2024-09-16 20:01
VLAI?
Summary
Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:11:44.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20100910 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/11/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=556"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/zodb/+bug/135108"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn556\u0026r=556\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=105"
},
{
"name": "[oss-security] 20100924 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/24/3"
},
{
"name": "[oss-security] 20100922 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/22/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=104"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.python.org/issue6706"
},
{
"name": "[oss-security] 20100909 CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/09/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-19T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20100910 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/11/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=556"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/zodb/+bug/135108"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn556\u0026r=556\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=105"
},
{
"name": "[oss-security] 20100924 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/24/3"
},
{
"name": "[oss-security] 20100922 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/22/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=104"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.python.org/issue6706"
},
{
"name": "[oss-security] 20100909 CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/09/6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20100910 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/11/2"
},
{
"name": "http://code.google.com/p/pyftpdlib/source/detail?r=556",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=556"
},
{
"name": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"name": "https://bugs.launchpad.net/zodb/+bug/135108",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/zodb/+bug/135108"
},
{
"name": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn556\u0026r=556\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn556\u0026r=556\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
},
{
"name": "http://code.google.com/p/pyftpdlib/issues/detail?id=105",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=105"
},
{
"name": "[oss-security] 20100924 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/24/3"
},
{
"name": "[oss-security] 20100922 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/22/3"
},
{
"name": "http://code.google.com/p/pyftpdlib/issues/detail?id=104",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=104"
},
{
"name": "http://bugs.python.org/issue6706",
"refsource": "MISC",
"url": "http://bugs.python.org/issue6706"
},
{
"name": "[oss-security] 20100909 CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/09/6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3494",
"datePublished": "2010-10-19T19:00:00Z",
"dateReserved": "2010-09-24T00:00:00Z",
"dateUpdated": "2024-09-16T20:01:23.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7263 (GCVE-0-2008-7263)
Vulnerability from cvelistv5 – Published: 2010-10-19 19:00 – Updated: 2024-09-17 01:31
VLAI?
Summary
ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn348\u0026r=348\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=73"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=348"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-19T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn348\u0026r=348\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=73"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=348"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn348\u0026r=348\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn348\u0026r=348\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
},
{
"name": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"name": "http://code.google.com/p/pyftpdlib/issues/detail?id=73",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=73"
},
{
"name": "http://code.google.com/p/pyftpdlib/source/detail?r=348",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=348"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7263",
"datePublished": "2010-10-19T19:00:00Z",
"dateReserved": "2010-10-19T00:00:00Z",
"dateUpdated": "2024-09-17T01:31:38.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-5012 (GCVE-0-2009-5012)
Vulnerability from cvelistv5 – Published: 2010-10-19 19:00 – Updated: 2024-09-17 01:55
VLAI?
Summary
ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:54.007Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=596"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn596\u0026r=596\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=114"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-19T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=596"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn596\u0026r=596\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=114"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"name": "http://code.google.com/p/pyftpdlib/source/detail?r=596",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=596"
},
{
"name": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn596\u0026r=596\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn596\u0026r=596\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
},
{
"name": "http://code.google.com/p/pyftpdlib/issues/detail?id=114",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=114"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-5012",
"datePublished": "2010-10-19T19:00:00Z",
"dateReserved": "2010-10-19T00:00:00Z",
"dateUpdated": "2024-09-17T01:55:56.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6739 (GCVE-0-2007-6739)
Vulnerability from cvelistv5 – Published: 2010-10-19 19:00 – Updated: 2024-09-17 01:21
VLAI?
Summary
FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn20\u0026r=20\u0026format=side\u0026path=/trunk/pyftpdlib/FTPServer.py"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=20"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-19T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn20\u0026r=20\u0026format=side\u0026path=/trunk/pyftpdlib/FTPServer.py"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=20"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6739",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn20\u0026r=20\u0026format=side\u0026path=/trunk/pyftpdlib/FTPServer.py",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn20\u0026r=20\u0026format=side\u0026path=/trunk/pyftpdlib/FTPServer.py"
},
{
"name": "http://code.google.com/p/pyftpdlib/issues/detail?id=3",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=3"
},
{
"name": "http://code.google.com/p/pyftpdlib/source/detail?r=20",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=20"
},
{
"name": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6739",
"datePublished": "2010-10-19T19:00:00Z",
"dateReserved": "2010-10-19T00:00:00Z",
"dateUpdated": "2024-09-17T01:21:19.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-5010 (GCVE-0-2009-5010)
Vulnerability from cvelistv5 – Published: 2010-10-19 19:00 – Updated: 2024-09-16 16:59
VLAI?
Summary
Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, a different vulnerability than CVE-2010-3494.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:53.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20100910 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/11/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=91"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/zodb/+bug/135108"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=439"
},
{
"name": "[oss-security] 20100924 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/24/3"
},
{
"name": "[oss-security] 20100922 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/22/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.python.org/issue6706"
},
{
"name": "[oss-security] 20100909 CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/09/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn439\u0026r=439\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, a different vulnerability than CVE-2010-3494."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-19T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20100910 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/11/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=91"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/zodb/+bug/135108"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=439"
},
{
"name": "[oss-security] 20100924 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/24/3"
},
{
"name": "[oss-security] 20100922 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/22/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.python.org/issue6706"
},
{
"name": "[oss-security] 20100909 CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/09/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn439\u0026r=439\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, a different vulnerability than CVE-2010-3494."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20100910 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/11/2"
},
{
"name": "http://code.google.com/p/pyftpdlib/issues/detail?id=91",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=91"
},
{
"name": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"name": "https://bugs.launchpad.net/zodb/+bug/135108",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/zodb/+bug/135108"
},
{
"name": "http://code.google.com/p/pyftpdlib/source/detail?r=439",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=439"
},
{
"name": "[oss-security] 20100924 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/24/3"
},
{
"name": "[oss-security] 20100922 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/22/3"
},
{
"name": "http://bugs.python.org/issue6706",
"refsource": "MISC",
"url": "http://bugs.python.org/issue6706"
},
{
"name": "[oss-security] 20100909 CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/09/6"
},
{
"name": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn439\u0026r=439\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn439\u0026r=439\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-5010",
"datePublished": "2010-10-19T19:00:00Z",
"dateReserved": "2010-10-19T00:00:00Z",
"dateUpdated": "2024-09-16T16:59:08.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6737 (GCVE-0-2007-6737)
Vulnerability from nvd – Published: 2010-10-19 19:00 – Updated: 2024-09-17 01:01
VLAI?
Summary
FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=20"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn23\u0026r=23\u0026format=side\u0026path=/trunk/pyftpdlib/FTPServer.py"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=23"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-19T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=20"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn23\u0026r=23\u0026format=side\u0026path=/trunk/pyftpdlib/FTPServer.py"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=23"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"name": "http://code.google.com/p/pyftpdlib/issues/detail?id=20",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=20"
},
{
"name": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn23\u0026r=23\u0026format=side\u0026path=/trunk/pyftpdlib/FTPServer.py",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn23\u0026r=23\u0026format=side\u0026path=/trunk/pyftpdlib/FTPServer.py"
},
{
"name": "http://code.google.com/p/pyftpdlib/source/detail?r=23",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=23"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6737",
"datePublished": "2010-10-19T19:00:00Z",
"dateReserved": "2010-10-19T00:00:00Z",
"dateUpdated": "2024-09-17T01:01:07.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7262 (GCVE-0-2008-7262)
Vulnerability from nvd – Published: 2010-10-19 19:00 – Updated: 2024-09-17 01:36
VLAI?
Summary
Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.3.0 allow remote authenticated users to access arbitrary files and directories via vectors involving a symlink in a pathname to a (1) CWD, (2) DELE, (3) STOR, or (4) RETR command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=55"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.3.0 allow remote authenticated users to access arbitrary files and directories via vectors involving a symlink in a pathname to a (1) CWD, (2) DELE, (3) STOR, or (4) RETR command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-19T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=55"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.3.0 allow remote authenticated users to access arbitrary files and directories via vectors involving a symlink in a pathname to a (1) CWD, (2) DELE, (3) STOR, or (4) RETR command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"name": "http://code.google.com/p/pyftpdlib/issues/detail?id=55",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=55"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7262",
"datePublished": "2010-10-19T19:00:00Z",
"dateReserved": "2010-10-19T00:00:00Z",
"dateUpdated": "2024-09-17T01:36:13.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6738 (GCVE-0-2007-6738)
Vulnerability from nvd – Published: 2010-10-19 19:00 – Updated: 2024-09-16 22:09
VLAI?
Summary
pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-19T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6738",
"datePublished": "2010-10-19T19:00:00Z",
"dateReserved": "2010-10-19T00:00:00Z",
"dateUpdated": "2024-09-16T22:09:55.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3494 (GCVE-0-2010-3494)
Vulnerability from nvd – Published: 2010-10-19 19:00 – Updated: 2024-09-16 20:01
VLAI?
Summary
Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:11:44.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20100910 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/11/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=556"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/zodb/+bug/135108"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn556\u0026r=556\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=105"
},
{
"name": "[oss-security] 20100924 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/24/3"
},
{
"name": "[oss-security] 20100922 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/22/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=104"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.python.org/issue6706"
},
{
"name": "[oss-security] 20100909 CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/09/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-19T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20100910 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/11/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=556"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/zodb/+bug/135108"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn556\u0026r=556\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=105"
},
{
"name": "[oss-security] 20100924 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/24/3"
},
{
"name": "[oss-security] 20100922 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/22/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=104"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.python.org/issue6706"
},
{
"name": "[oss-security] 20100909 CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/09/6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20100910 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/11/2"
},
{
"name": "http://code.google.com/p/pyftpdlib/source/detail?r=556",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=556"
},
{
"name": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"name": "https://bugs.launchpad.net/zodb/+bug/135108",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/zodb/+bug/135108"
},
{
"name": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn556\u0026r=556\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn556\u0026r=556\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
},
{
"name": "http://code.google.com/p/pyftpdlib/issues/detail?id=105",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=105"
},
{
"name": "[oss-security] 20100924 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/24/3"
},
{
"name": "[oss-security] 20100922 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/22/3"
},
{
"name": "http://code.google.com/p/pyftpdlib/issues/detail?id=104",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=104"
},
{
"name": "http://bugs.python.org/issue6706",
"refsource": "MISC",
"url": "http://bugs.python.org/issue6706"
},
{
"name": "[oss-security] 20100909 CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/09/6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3494",
"datePublished": "2010-10-19T19:00:00Z",
"dateReserved": "2010-09-24T00:00:00Z",
"dateUpdated": "2024-09-16T20:01:23.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7263 (GCVE-0-2008-7263)
Vulnerability from nvd – Published: 2010-10-19 19:00 – Updated: 2024-09-17 01:31
VLAI?
Summary
ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn348\u0026r=348\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=73"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=348"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-19T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn348\u0026r=348\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=73"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=348"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn348\u0026r=348\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn348\u0026r=348\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
},
{
"name": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"name": "http://code.google.com/p/pyftpdlib/issues/detail?id=73",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=73"
},
{
"name": "http://code.google.com/p/pyftpdlib/source/detail?r=348",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=348"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7263",
"datePublished": "2010-10-19T19:00:00Z",
"dateReserved": "2010-10-19T00:00:00Z",
"dateUpdated": "2024-09-17T01:31:38.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-5012 (GCVE-0-2009-5012)
Vulnerability from nvd – Published: 2010-10-19 19:00 – Updated: 2024-09-17 01:55
VLAI?
Summary
ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:54.007Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=596"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn596\u0026r=596\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=114"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-19T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=596"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn596\u0026r=596\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=114"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"name": "http://code.google.com/p/pyftpdlib/source/detail?r=596",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=596"
},
{
"name": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn596\u0026r=596\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn596\u0026r=596\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
},
{
"name": "http://code.google.com/p/pyftpdlib/issues/detail?id=114",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=114"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-5012",
"datePublished": "2010-10-19T19:00:00Z",
"dateReserved": "2010-10-19T00:00:00Z",
"dateUpdated": "2024-09-17T01:55:56.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6739 (GCVE-0-2007-6739)
Vulnerability from nvd – Published: 2010-10-19 19:00 – Updated: 2024-09-17 01:21
VLAI?
Summary
FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn20\u0026r=20\u0026format=side\u0026path=/trunk/pyftpdlib/FTPServer.py"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=20"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-19T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn20\u0026r=20\u0026format=side\u0026path=/trunk/pyftpdlib/FTPServer.py"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=20"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6739",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn20\u0026r=20\u0026format=side\u0026path=/trunk/pyftpdlib/FTPServer.py",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn20\u0026r=20\u0026format=side\u0026path=/trunk/pyftpdlib/FTPServer.py"
},
{
"name": "http://code.google.com/p/pyftpdlib/issues/detail?id=3",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=3"
},
{
"name": "http://code.google.com/p/pyftpdlib/source/detail?r=20",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=20"
},
{
"name": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6739",
"datePublished": "2010-10-19T19:00:00Z",
"dateReserved": "2010-10-19T00:00:00Z",
"dateUpdated": "2024-09-17T01:21:19.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-5010 (GCVE-0-2009-5010)
Vulnerability from nvd – Published: 2010-10-19 19:00 – Updated: 2024-09-16 16:59
VLAI?
Summary
Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, a different vulnerability than CVE-2010-3494.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:53.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20100910 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/11/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=91"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/zodb/+bug/135108"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=439"
},
{
"name": "[oss-security] 20100924 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/24/3"
},
{
"name": "[oss-security] 20100922 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/22/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.python.org/issue6706"
},
{
"name": "[oss-security] 20100909 CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/09/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn439\u0026r=439\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, a different vulnerability than CVE-2010-3494."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-19T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20100910 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/11/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=91"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/zodb/+bug/135108"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=439"
},
{
"name": "[oss-security] 20100924 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/24/3"
},
{
"name": "[oss-security] 20100922 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/22/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.python.org/issue6706"
},
{
"name": "[oss-security] 20100909 CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/09/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn439\u0026r=439\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, a different vulnerability than CVE-2010-3494."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20100910 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/11/2"
},
{
"name": "http://code.google.com/p/pyftpdlib/issues/detail?id=91",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=91"
},
{
"name": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"name": "https://bugs.launchpad.net/zodb/+bug/135108",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/zodb/+bug/135108"
},
{
"name": "http://code.google.com/p/pyftpdlib/source/detail?r=439",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=439"
},
{
"name": "[oss-security] 20100924 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/24/3"
},
{
"name": "[oss-security] 20100922 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/22/3"
},
{
"name": "http://bugs.python.org/issue6706",
"refsource": "MISC",
"url": "http://bugs.python.org/issue6706"
},
{
"name": "[oss-security] 20100909 CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/09/6"
},
{
"name": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn439\u0026r=439\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn439\u0026r=439\u0026format=side\u0026path=/trunk/pyftpdlib/ftpserver.py"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-5010",
"datePublished": "2010-10-19T19:00:00Z",
"dateReserved": "2010-10-19T00:00:00Z",
"dateUpdated": "2024-09-16T16:59:08.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}