Vulnerabilities > CVE-2008-5626 - Resource Management Errors vulnerability in Dxmsoft XM Easy Personal FTP Server 5.6.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
XM Easy Personal FTP Server 5.6.0 allows remote authenticated users to cause a denial of service via a crafted argument to the NLST command, as demonstrated by a -1 argument.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description XM Easy Personal FTP Server <= 5.7.0 (NLST) DoS Exploit. CVE-2008-5626. Dos exploit for windows platform id EDB-ID:8294 last seen 2016-02-01 modified 2009-03-27 published 2009-03-27 reporter Jonathan Salwan source https://www.exploit-db.com/download/8294/ title XM Easy Personal FTP Server <= 5.7.0 NLST DoS Exploit description XM Easy Personal FTP Server 5.6.0 Remote Denial of Service Exploit. CVE-2008-5626. Dos exploit for windows platform file exploits/windows/dos/6741.py id EDB-ID:6741 last seen 2016-02-01 modified 2008-10-13 platform windows port published 2008-10-13 reporter shinnai source https://www.exploit-db.com/download/6741/ title XM Easy Personal FTP Server 5.6.0 - Remote Denial of Service Exploit type dos
Metasploit
description This module is a port of shinnai's script. You need a valid login, but even anonymous can do it as long as it has permission to call NLST. id MSF:AUXILIARY/DOS/WINDOWS/FTP/XMEASY560_NLST last seen 2020-03-15 modified 2017-07-24 published 2009-01-09 references https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5626 reporter Rapid7 source https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/windows/ftp/xmeasy560_nlst.rb title XM Easy Personal FTP Server 5.6.0 NLST DoS description You need a valid login to DoS this FTP server, but even anonymous can do it as long as it has permission to call NLST. id MSF:AUXILIARY/DOS/WINDOWS/FTP/XMEASY570_NLST last seen 2020-03-09 modified 2017-07-24 published 2009-04-07 references https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5626 reporter Rapid7 source https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/windows/ftp/xmeasy570_nlst.rb title XM Easy Personal FTP Server 5.7.0 NLST DoS