Published: 02/07/2010 Updated: 06/07/2010

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 945

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Open&Compact FTP Server (Open-FTPD) 1.2 and previous versions allows remote malicious users to bypass authentication by sending (1) LIST, (2) RETR, (3) STOR, or other commands without performing the required login steps first.

Vulnerable Product	Search on Vulmon	Subscribe to Product
open-ftpd open-ftpd 1.0
open-ftpd open-ftpd

## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking ...

# Exploit Title: Open&Compact Ftp Server <= 12 Full System Access # Date: June 12, 2010 # Author: Serge Gorbunov # Software Link: sourceforgenet/projects/open-ftpd/ # Version: <= 12 # Tested on: Windows 7, Windows XP SP3 #!/usr/bin/python # Simply by omitting login process to the open ftp server it is possible # to execute any ...

#!/usr/bin/python # Exploit Title: Open&Compact Ftp Server <= 12 Auth bypass & directory traversal sam retrieval # Date: Aug 7, 2013 # By Wireghoul - wwwjustanotherhackercom # Based on Serge Gorbunov's auth bypass (wwwexploit-dbcom/exploits/13932/) # Software Link: sourceforgenet/projects/open-ftpd/ # Version: ...

CWE-287 http://secunia.com/advisories/40284 http://www.exploit-db.com/exploits/13932 https://nvd.nist.gov https://www.exploit-db.com/exploits/27556/

CVE-2010-2620

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect