Sign-up

ID

VAR-E-201002-0244


TITLE

Easy FTP Server (AKA UplusFTP) 'Path' Parameter Buffer Overflow Vulnerability

Trust: 0.3

sources: BID: 38321

DESCRIPTION

Easy FTP Server (also known as UplusFTP) is prone to a buffer-overflow vulnerability.
Successful exploits may allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition.
Easy FTP Server 1.7.0.2, 1.7.0.12, and 1.7.1.01 are vulnerable; other versions may also be affected.

Trust: 0.3

sources: BID: 38321

AFFECTED PRODUCTS

vendor:upluswaremodel:uplusftpscope:eqversion:1.7.1.01

Trust: 0.3

vendor:upluswaremodel:uplusftpscope:eqversion:1.7.12

Trust: 0.3

vendor:easymodel:ftp server easy ftp serverscope:eqversion:1.72

Trust: 0.3

vendor:upluswaremodel:uplusftpscope:neversion:1.7.1.02

Trust: 0.3

sources: BID: 38321

EXPLOIT

The following exploit is available:
Bullet list:
<li><a href="/data/vulnerabilities/exploits/38321.py">/data/vulnerabilities/exploits/38321.py</a></li>
<li><a href="/data/vulnerabilities/exploits/38321-2.py">/data/vulnerabilities/exploits/38321-2.py</a></li>

Trust: 0.3

sources: BID: 38321

PRICE

Free

Trust: 0.3

sources: BID: 38321

TYPE

Boundary Condition Error

Trust: 0.3

sources: BID: 38321

CREDITS

ThE g0bL!N

Trust: 0.3

sources: BID: 38321

EXTERNAL IDS

db:BIDid:38321

Trust: 0.3

sources: BID: 38321

REFERENCES

url:http://www.erisesoft.com/en/uplusftp.php

Trust: 0.3

url:http://sourceforge.net/projects/easyftpsvr/

Trust: 0.3

sources: BID: 38321

SOURCES

db:BIDid:38321

LAST UPDATE DATE

2022-07-27T09:59:24.915000+00:00


SOURCES UPDATE DATE

db:BIDid:38321date:2010-07-28T20:05:00

SOURCES RELEASE DATE

db:BIDid:38321date:2010-02-19T00:00:00