Vulmon
pasv vulnerabilities and exploits
NA
CVE-2009-3364
Stack-based buffer overflow in FTPShell Client 4.1 RC2 allows remote FTP servers to execute arbitrary code via a long response to a PASV command.
Ftpshell Ftpshell 4.1
1 EDB exploit
NA
CVE-1999-1148
FTP service in IIS 4.0 and previous versions allows remote malicious users to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time.
Microsoft Internet Information Server
NA
CVE-2007-3768
The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command.
Netwin Surgeftp
NA
CVE-2002-0768
Buffer overflow in lukemftp FTP client in SuSE 6.4 up to and including 8.0, and possibly other operating systems, allows a malicious FTP server to execute arbitrary code via a long PASV command.
Luke Mewburn Lukemftp
Suse Suse Linux 7.2
Suse Suse Linux 8.0
Suse Suse Linux 7.0
Suse Suse Linux 7.1
Suse Suse Linux 6.4
Suse Suse Linux 7.3
NA
CVE-2002-1943
SafeTP 1.46, when network address translation (NAT) is being used, leaks the internal IP address of the FTP server in a response to a passive mode (PASV) file transfer request.
Safetp Safetp Server 1.46
1 EDB exploit
NA
CVE-2007-4679
CFFTP in CFNetwork for Apple Mac OS X 10.4 up to and including 10.4.10 allows remote FTP servers to force clients to connect to other hosts via crafted responses to FTP PASV commands.
Apple Mac Os X
NA
CVE-2001-0702
Cerberus FTP 1.5 and previous versions allows remote malicious users to cause a denial of service, and possibly execute arbitrary code, via a long (1) username, (2) password, or (3) PASV command.
Grant Averett Ceberus Ftp Server 1.1
Grant Averett Ceberus Ftp Server 1.0
Grant Averett Ceberus Ftp Server 1.22
Grant Averett Ceberus Ftp Server 1.5
Grant Averett Ceberus Ftp Server 1.2
Grant Averett Ceberus Ftp Server 1.01
Grant Averett Ceberus Ftp Server 1.3
1 EDB exploit
NA
CVE-2002-0600
Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote malicious servers to execute arbitrary code on the client via a long response to a passive (PASV) mode request.
Kth Kth Kerberos 4 1.0.3
Kth Kth Kerberos 4 1.0.2
Luke Mewburn Lukemftp 1.5
Kth Kth Kerberos 4 1.1.1
Kth Kth Kerberos 4 1.0.4
6.5
CVSSv3
CVE-2021-40491
The ftp client in GNU Inetutils prior to 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl.
Gnu Inetutils
Debian Debian Linux 10.0
NA
CVE-2002-1063
Thomas Hauck Jana Server 2.x up to and including 2.2.1, and 1.4.6 and previous versions, allows remote malicious users to cause a denial of service (resource exhaustion) via a large number of FTP PASV requests, which consumes all available FTP ports.
T. Hauck Jana Web Server 1.0
T. Hauck Jana Web Server 2.0
T. Hauck Jana Web Server 2.2.1
T. Hauck Jana Web Server 2.0 Beta2
T. Hauck Jana Web Server 1.45
T. Hauck Jana Web Server 2.0 Beta1
T. Hauck Jana Web Server 1.46