Ftpshell Server
Sign in to watchby Ftpshell
CVEs (4)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-25619 | Hig | 0.55 | 8.4 | 0.00 | Mar 22, 2026 | FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inject shellcode through the account name parameter in the Manage FTP Accounts dialog to overwrite the return address and execute calc.exe or other commands. | |
| CVE-2018-25226 | Med | 0.40 | 6.2 | 0.00 | Mar 30, 2026 | FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the account name field. Attackers can trigger a denial of service by pasting a 417-byte payload into the 'Account name to ban' parameter within the Manage FTP Accounts interface. | |
| CVE-2009-0349 | 0.05 | — | 0.26 | Jan 29, 2009 | Stack-based buffer overflow in FTPShell Server 4.3 allows user-assisted remote attackers to cause a denial of service (persistent daemon crash) and possibly execute arbitrary code via a long string in a licensing key (aka .key) file. | ||
| CVE-2005-2426 | 0.03 | — | 0.01 | Aug 3, 2005 | FTPshell Server 3.38 allows remote authenticated users to cause a denial of service (application crash) by multiple connections and disconnections without using the QUIT command. |