MidnightBSD

Advisories for khamil_landross_and_zack_jones

CVE-2000-0870 HIGH

Buffer overflow in EFTP allows remote attackers to cause a denial of service via a long string.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
khamil_landross_and_zack_jones eftp 2.0.4.281
CVE-2000-0871 MEDIUM

Buffer overflow in EFTP allows remote attackers to cause a denial of service by sending a string that does not contain a newline, then disconnecting from the server.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
khamil_landross_and_zack_jones eftp 2.0.4.281
CVE-2001-1109 HIGH

Directory traversal vulnerability in EFTP 2.0.7.337 allows remote authenticated users to reveal directory contents via a .. (dot dot) in the (1) LIST, (2) QUOTE SIZE, and (3) QUOTE MDTM commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
khamil_landross_and_zack_jones eftp 2.0.7.337
CVE-2001-1110 MEDIUM

EFTP 2.0.7.337 allows remote attackers to obtain NETBIOS credentials by requesting information on a file that is in a network share, which causes the server to send the credentials to the host that owns the share, and allows the attacker to sniff the connection.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
khamil_landross_and_zack_jones eftp 2.0.7.337
CVE-2001-1111 MEDIUM

EFTP 2.0.7.337 stores user passwords in plaintext in the eftp2users.dat file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
khamil_landross_and_zack_jones eftp 2.0.7.337
CVE-2001-1112 HIGH

Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute arbitrary code by uploading a .lnk file containing a large number of characters.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
khamil_landross_and_zack_jones eftp 2.0.7.337
CVE-2001-1193 MEDIUM

Directory traversal vulnerability in EFTP 2.0.8.346 allows local users to read directories via a ... (modified dot dot) in the CWD command.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
khamil_landross_and_zack_jones eftp 2.0.8.346