PCMan's FTP Server Multiple Vulnerabilities Network Vulnerability

Summary

The remote host is installed with PCMan's FTP Server and is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow a remote attacker to read or write arbitrary files or cause denial of service condition result in loss of availability for the application. Impact Level: Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

Improper sanitation of user supplied input via 'PAYLOAD', 'EIP', 'USER', 'PASS', 'DIR', 'PUT' and 'NOP' parameters.

Affected

PCMan's FTP Server version 2.0.7

References

http://packetstormsecurity.com/files/122173/pcman-traversal.txt
http://www.exploit-db.com/exploits/26495

Updated on 2017-03-28

Severity

Classification

CVE CVE-2013-4730
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

ProFTPD Multiple Remote Vulnerabilities
WS FTP overflows
War FTP Daemon 'USER' and 'PASS' Remote Format String Vulnerability
WS FTP STAT buffer overflow0
Serv-U Multiple Security Vulnerabilities

Take action and discover your vulnerabilities