ID

VAR-E-201002-0428

TITLE

uplusware UplusFtp Multiple Remote Buffer Overflow Vulnerabilities

DESCRIPTION

UplusFtp (formerly Easy Ftp Server) is prone to multiple remote buffer-overflow vulnerabilities.
Attackers can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
UplusFtp 1.7.0.12 is vulnerable; prior versions, including Easy Ftp Server, may also be affected.

AFFECTED PRODUCTS

EXPLOIT

Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
The following exploits and proofs of concept are available:
Bullet list:
<li><a href="/data/vulnerabilities/exploits/38102.py">/data/vulnerabilities/exploits/38102.py</a></li>
<li><a href="/data/vulnerabilities/exploits/38262-1.py">/data/vulnerabilities/exploits/38262-1.py</a></li>
<li><a href="/data/vulnerabilities/exploits/38262-2.py">/data/vulnerabilities/exploits/38262-2.py</a></li>
<li><a href="/data/vulnerabilities/exploits/38262-3.py">/data/vulnerabilities/exploits/38262-3.py</a></li>
<li><a href="/data/vulnerabilities/exploits/38262-4.py">/data/vulnerabilities/exploits/38262-4.py</a></li>
<li><a href="/data/vulnerabilities/exploits/38102.rb">/data/vulnerabilities/exploits/38102.rb</a></li>
<li><a href="/data/vulnerabilities/exploits/38102.sh">/data/vulnerabilities/exploits/38102.sh</a></li>
<li><a href="/data/vulnerabilities/exploits/38102-2.py">/data/vulnerabilities/exploits/38102-2.py</a></li>
<li><a href="/data/vulnerabilities/exploits/38102-3.py">/data/vulnerabilities/exploits/38102-3.py</a></li>
<li><a href="/data/vulnerabilities/exploits/38102-5.py">/data/vulnerabilities/exploits/38102-5.py</a></li>

PRICE

Free

TYPE

Boundary Condition Error

CREDITS

loneferret

EXTERNAL IDS

REFERENCES

SOURCES

LAST UPDATE DATE

2022-07-27T09:28:11.746000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE