Published: 15/11/2017 Updated: 09/10/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file. This can be used by malicious users to hide data in the Graphical User Interface (GUI) view and create arbitrary entries to a certain extent. Special characters such as '"' and ',' and '\r' are not escaped and can be used to add new entries to the log.

Vulnerable Product	Search on Vulmon	Subscribe to Product
psftp psftpd 10.0.4

X41 D-Sec GmbH Security Advisory: X41-2017-006 Multiple Vulnerabilities in PSFTPd Windows FTP Server ===================================================== Overview -------- Confirmed Affected Versions: 1004 Build 729 Confirmed Patched Versions: None Vendor: Sergei Pleis Softwareentwicklung Vendor URL: wwwpsftpde/ftp-server/ Vector: Net ...

PSFTPd Windows FTP Server version 1004 Build 729 suffers from use-after-free, log injection, and various other vulnerabilities ...

CWE-20 https://www.x41-dsec.de/lab/advisories/x41-2017-006-psftpd/http://packetstormsecurity.com/files/144972/PSFTPd-Windows-FTP-Server-10.0.4-Build-729-Use-After-Free-Log-Injection.html https://www.exploit-db.com/exploits/43144/http://www.securityfocus.com/archive/1/541518/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/43144/

CVE-2017-15270

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect