VYPR

Xlight FTP Server

by Xlightftpd

CVEs (8)

  • CVE-2024-46483CriOct 22, 2024
    risk 0.65cvss 9.8epss 0.01

    Xlight FTP Server <3.9.4.3 has an integer overflow vulnerability in the packet parsing logic of the SFTP server, which can lead to a heap overflow with attacker-controlled content.

  • CVE-2019-25681HigApr 5, 2026
    risk 0.55cvss 8.4epss 0.00

    Xlight FTP Server 3.9.1 contains a structured exception handler (SEH) overwrite vulnerability that allows local attackers to crash the application and overwrite SEH pointers by supplying a crafted buffer string. Attackers can inject a 428-byte payload through the program…

  • CVE-2004-0287Nov 23, 2004
    risk 0.04cvss epss 0.07

    Xlight FTP server 1.52 allows remote authenticated users to cause a denial of service (crash) via a RETR command with a long argument containing a large number of / (slash) characters, possibly triggering a buffer overflow.

  • CVE-2024-0737Jan 19, 2024
    risk 0.03cvss epss 0.04

    A vulnerability classified as problematic was found in Xlightftpd Xlight FTP Server 1.1. This vulnerability affects unknown code of the component Login. The manipulation of the argument user leads to denial of service. The attack can be initiated remotely. The exploit has been…

  • CVE-2009-4795Apr 22, 2010
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in Xlight FTP Server before 3.2.1, when ODBC authentication is enabled, allow remote attackers to execute arbitrary SQL commands via the (1) USER (aka username) or (2) PASS (aka password) command.

  • CVE-2023-53886Dec 15, 2025
    risk 0.00cvss epss 0.00

    Xlight FTP Server 3.9.3.6 contains a stack buffer overflow vulnerability in the 'Execute Program' configuration that allows attackers to crash the application. Attackers can trigger the vulnerability by inserting 294 characters into the program execution configuration, causing a…

  • CVE-2010-2695Jul 12, 2010
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in the SFTP/SSH2 virtual server in Xlight FTP Server 3.5.0, 3.5.5, and possibly other versions before 3.6 allows remote authenticated users to read, overwrite, or delete arbitrary files via .. (dot dot) sequences in the (1) ls, (2) rm, (3)…

  • CVE-2008-0604Feb 6, 2008
    risk 0.00cvss epss 0.01

    The LDAP authentication feature in XLight FTP Server before 2.83, when used with some unspecified LDAP servers, does not check for blank passwords, which allows remote attackers to bypass intended access restrictions.