Vendor
Smartftp
Products
1
CVEs
6
Across products
7
Status
Private
Products
1- 7 CVEs
Recent CVEs
6| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-25234 | Med | 0.40 | 6.2 | 0.00 | Mar 30, 2026 | SmartFTP Client 9.0.2615.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can paste a buffer of 300 repeated characters into the Host connection parameter to trigger an application crash. | |
| CVE-2007-0790 | 0.03 | — | 0.05 | Feb 6, 2007 | Heap-based buffer overflow in SmartFTP 2.0.1002 allows remote FTP servers to execute arbitrary code via a large banner. | ||
| CVE-2003-1319 | 0.02 | — | 0.28 | Dec 31, 2003 | Multiple buffer overflows in SmartFTP 1.0.973, and other versions before 1.0.976, allow remote attackers to execute arbitrary code via (1) a long response to a PWD command, which triggers a stack-based overflow, and (2) a long line in a response to a file LIST command, which triggers a heap-based overflow. | ||
| CVE-2010-5219 | 0.00 | — | 0.00 | Sep 6, 2012 | Untrusted search path vulnerability in SmartFTP 4.0.1140.0 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .txt, .html, or .mpg file. NOTE: some of these details are obtained from third party information. | ||
| CVE-2010-4871 | 0.00 | — | 0.01 | Oct 7, 2011 | Unspecified vulnerability in SmartFTP before 4.0 Build 1142 allows attackers to have an unknown impact via a long filename. | ||
| CVE-2010-3099 | 0.00 | — | 0.00 | Aug 20, 2010 | Directory traversal vulnerability in SmartSoft Ltd SmartFTP Client 4.0.1124.0, and possibly other versions before 4.0 Build 1133, allows remote FTP servers to overwrite arbitrary files via a "..\" (dot dot backslash) in a filename. NOTE: some of these details are obtained from third party information. |