Ftpshell

ftpshell

8 CVEs • 3 products

Products (3)

Click to collapse

Toggle

Ftpshell Server

ftpshell_server

Ftpshell Client

ftpshell_client

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-25226 1Ftpshell 1Ftpshell Server Mar 31, 2026 Mar 30, 2026 6.9 MEDIUM· v4 5.5 MEDIUM· v3 N/A· v2 FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the account name field. Attackers can trigger a denial of serv...Show more FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the account name field. Attackers can trigger a denial of service by pasting a 417-byte payload into the 'Account name to ban' parameter within the Manage FTP Accounts interface.Show less
CVE-2019-25619 1Ftpshell 1Ftpshell Server Apr 3, 2026 Mar 22, 2026 8.6 HIGH· v4 7.8 HIGH· v3 N/A· v2 FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inject shellcode throug...Show more FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inject shellcode through the account name parameter in the Manage FTP Accounts dialog to overwrite the return address and execute calc.exe or other commands.Show less
CVE-2020-18077 1Ftpshell 1Ftpshell Server Nov 21, 2024 Dec 17, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A buffer overflow vulnerability in the Virtual Path Mapping component of FTPShell v6.83 allows attackers to cause a denial of service (DoS).
CVE-2018-7573 1Ftpshell 1Ftpshell Client Nov 21, 2024 Mar 1, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An issue was discovered in FTPShell Client 6.7. A remote FTP server can send 400 characters of 'F' in conjunction with the FTP 220 response code to crash the application; after this overflow, one can run arbitrary code o...Show more An issue was discovered in FTPShell Client 6.7. A remote FTP server can send 400 characters of 'F' in conjunction with the FTP 220 response code to crash the application; after this overflow, one can run arbitrary code on the victim machine. This is similar to CVE-2009-3364 and CVE-2017-6465.Show less
CVE-2017-6465 1Ftpshell 1Ftpshell Client May 13, 2026 Mar 10, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Remote Code Execution was discovered in FTPShell Client 6.53. By default, the client sends a PWD command to the FTP server it is connecting to; however, it doesn't check the response's length, leading to a buffer overflo...Show more Remote Code Execution was discovered in FTPShell Client 6.53. By default, the client sends a PWD command to the FTP server it is connecting to; however, it doesn't check the response's length, leading to a buffer overflow situation.Show less
CVE-2009-3364 1Ftpshell 1Ftpshell Apr 23, 2026 Sep 24, 2009 N/A· v4 N/A· v3 9.3 HIGH· v2 Stack-based buffer overflow in FTPShell Client 4.1 RC2 allows remote FTP servers to execute arbitrary code via a long response to a PASV command.
CVE-2009-0349 1Ftpshell 1Ftpshell Server Apr 23, 2026 Jan 29, 2009 N/A· v4 N/A· v3 9.3 HIGH· v2 Stack-based buffer overflow in FTPShell Server 4.3 allows user-assisted remote attackers to cause a denial of service (persistent daemon crash) and possibly execute arbitrary code via a long string in a licensing key (ak...Show more Stack-based buffer overflow in FTPShell Server 4.3 allows user-assisted remote attackers to cause a denial of service (persistent daemon crash) and possibly execute arbitrary code via a long string in a licensing key (aka .key) file.Show less
CVE-2005-2426 1Ftpshell 1Ftpshell Server Apr 16, 2026 Aug 3, 2005 N/A· v4 N/A· v3 2.1 LOW· v2 FTPshell Server 3.38 allows remote authenticated users to cause a denial of service (application crash) by multiple connections and disconnections without using the QUIT command.