PyPI package
pyftpdlib
pkg:pypi/pyftpdlib
Vulnerabilities (14)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2010-3494 | — | < 0.5.2 | 0.5.2 | Oct 19, 2010 | Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None f | ||
| CVE-2009-5013 | — | < 0.5.2 | 0.5.2 | Oct 19, 2010 | Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during a data transfer. | ||
| CVE-2009-5012 | — | < 0.5.2 | 0.5.2 | Oct 19, 2010 | ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session. | ||
| CVE-2009-5011 | — | < 0.5.2 | 0.5.2 | Oct 19, 2010 | Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the getpeername function having an ENOTCONN error, a dif | ||
| CVE-2009-5010 | — | < 0.5.1 | 0.5.1 | Oct 19, 2010 | Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of | ||
| CVE-2008-7264 | — | < 0.5.0 | 0.5.0 | Oct 19, 2010 | The ftp_QUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows remote authenticated users to cause a denial of service (file descriptor exhaustion and daemon outage) by sending a QUIT command during a disallowed data-transfer attempt. | ||
| CVE-2008-7263 | — | < 0.5.0 | 0.5.0 | Oct 19, 2010 | ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack. | ||
| CVE-2008-7262 | — | < 0.3.0 | 0.3.0 | Oct 19, 2010 | Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.3.0 allow remote authenticated users to access arbitrary files and directories via vectors involving a symlink in a pathname to a (1) CWD, (2) DELE, (3) STOR, or (4) RETR command. | ||
| CVE-2007-6741 | — | < 0.2.0 | 0.2.0 | Oct 19, 2010 | The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP boun | ||
| CVE-2007-6740 | — | < 0.2.0 | 0.2.0 | Oct 19, 2010 | The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command. | ||
| CVE-2007-6739 | — | < 0.2.0 | 0.2.0 | Oct 19, 2010 | FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command. | ||
| CVE-2007-6738 | — | < 0.1.1 | 0.1.1 | Oct 19, 2010 | pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command. | ||
| CVE-2007-6737 | — | < 0.2.0 | 0.2.0 | Oct 19, 2010 | FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack. | ||
| CVE-2007-6736 | — | < 0.2.0 | 0.2.0 | Oct 19, 2010 | Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. (dot dot) in a (1) LIST, (2) STOR, or (3) RETR command. |
- CVE-2010-3494Oct 19, 2010affected < 0.5.2fixed 0.5.2
Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None f
- CVE-2009-5013Oct 19, 2010affected < 0.5.2fixed 0.5.2
Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during a data transfer.
- CVE-2009-5012Oct 19, 2010affected < 0.5.2fixed 0.5.2
ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session.
- CVE-2009-5011Oct 19, 2010affected < 0.5.2fixed 0.5.2
Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the getpeername function having an ENOTCONN error, a dif
- CVE-2009-5010Oct 19, 2010affected < 0.5.1fixed 0.5.1
Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of
- CVE-2008-7264Oct 19, 2010affected < 0.5.0fixed 0.5.0
The ftp_QUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows remote authenticated users to cause a denial of service (file descriptor exhaustion and daemon outage) by sending a QUIT command during a disallowed data-transfer attempt.
- CVE-2008-7263Oct 19, 2010affected < 0.5.0fixed 0.5.0
ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.
- CVE-2008-7262Oct 19, 2010affected < 0.3.0fixed 0.3.0
Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.3.0 allow remote authenticated users to access arbitrary files and directories via vectors involving a symlink in a pathname to a (1) CWD, (2) DELE, (3) STOR, or (4) RETR command.
- CVE-2007-6741Oct 19, 2010affected < 0.2.0fixed 0.2.0
The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP boun
- CVE-2007-6740Oct 19, 2010affected < 0.2.0fixed 0.2.0
The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command.
- CVE-2007-6739Oct 19, 2010affected < 0.2.0fixed 0.2.0
FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command.
- CVE-2007-6738Oct 19, 2010affected < 0.1.1fixed 0.1.1
pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command.
- CVE-2007-6737Oct 19, 2010affected < 0.2.0fixed 0.2.0
FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack.
- CVE-2007-6736Oct 19, 2010affected < 0.2.0fixed 0.2.0
Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. (dot dot) in a (1) LIST, (2) STOR, or (3) RETR command.