CVE-2005-1666
Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via long arguments to FTP commands such as MKD, RMD, or DELE, which are processed by the (1) ftp_xlate_path, (2) ftp_is_canonical, or (3) os_fn_nativize functions, or (4) a long SSI command that is processed by the parse_cmd function in cgissi.exe.
Affected products
n/a · n/a
Public PoCs found — 2
exploitdb: www.exploit-db.com/exploits/25631 (unverified)
exploitdb: www.exploit-db.com/exploits/25629 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://hp.vector.co.jp/authors/VA027031/orenosv/index_en.html
http://secunia.com/advisories/15302
http://securitytracker.com/id?1013923
https://exchange.xforce.ibmcloud.com/vulnerabilities/20510
https://exchange.xforce.ibmcloud.com/vulnerabilities/20512
http://www.osvdb.org/16165
http://www.osvdb.org/16166
http://www.securiteam.com/windowsntfocus/5FP0H00FPS.html
http://www.securityfocus.com/bid/13546
http://www.securityfocus.com/bid/13549
http://www.security.org.sg/vuln/orenosv081.html
http://www.vupen.com/english/advisories/2005/0499