Published: 31/12/2004 Updated: 11/07/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 510

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Format string vulnerability in Dream FTP 1.02 allows local users to cause a denial of service (crash) via format string specifiers in the (1) PASS or (2) RETR commands.

Vulnerable Product	Search on Vulmon	Subscribe to Product
bolintech dream ftp server 1.02

## # $Id: dreamftp_formatrb 9583 2010-06-22 19:11:05Z todb $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' class M ...

#include <stdioh> #include <sys/typesh> #include <sys/socketh> #include <netinet/inh> // WIN NT/2K/XP cmdexe shellcode // kernel32dll baseaddress calculation: OS/SP-independent // string-save: 00, 0a and 0d free // portbinding: port 28876 // looping: reconnect after disconnect char* shellcode = "\xeb\x43\x56\x57\x ...

NVD-CWE-Other http://www.securityfocus.com/bid/9800 http://securitytracker.com/id?1009295 https://exchange.xforce.ibmcloud.com/vulnerabilities/15380 https://nvd.nist.gov https://www.exploit-db.com/exploits/16712/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2004-2074

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect