Vulnerabilities > CVE-2004-1884
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access.
Vulnerable Configurations
Nessus
NASL family | FTP |
NASL id | WSFTP_MULTIPLE_FLAWS.NASL |
description | According to its banner, the version of WS_FTP running on the remote host has multiple vulnerabilities, including : - A buffer overflow caused by a vulnerability in the ALLO handler. - A flaw which could allow an attacker to gain SYSTEM level privileges. - A local or remote attacker with write privileges on a directory can create a specially crafted file, causing a denial of service. A remote attacker could exploit these vulnerabilities to execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14598 |
published | 2004-09-01 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14598 |
title | WS_FTP Server Multiple Vulnerabilities (OF, DoS, Cmd Exec) |
code |
|