MidnightBSD

Advisories for steve_poulsen

CVE-2000-0640 HIGH

Guild FTPd allows remote attackers to determine the existence of files outside the FTP root via a .. (dot dot) attack, which provides different error messages depending on whether the file exists or not.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
steve_poulsen guildftpd 0.9.7
CVE-2001-0767 MEDIUM

Directory traversal vulnerability in GuildFTPd 0.9.7 allows attackers to list or read arbitrary files and directories via a .. in (1) LS or (2) GET.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
steve_poulsen guildftpd 0.9.7
CVE-2001-0768 MEDIUM

GuildFTPd 0.9.7 stores user names and passwords in plaintext in the default.usr file, which allows local users to gain privileges as other FTP users by reading the file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
steve_poulsen guildftpd 0.9.7
CVE-2001-0769 MEDIUM

Memory leak in GuildFTPd Server 0.97 allows remote attackers to cause a denial of service via a request containing a null character.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
steve_poulsen guildftpd 0.97
CVE-2001-0770 HIGH

Buffer overflow in GuildFTPd Server 0.97 allows remote attacker to execute arbitrary code via a long SITE command.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
steve_poulsen guildftpd 0.97
CVE-2003-1267 MEDIUM

GuildFTPd 0.999 allows remote attackers to cause a denial of service (crash) via a GET request for MS-DOS device names such as lpt1.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
steve_poulsen guildftpd 0.999