Vulnerabilities > G Rodola > Pyftpdlib > 0.2.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-10-19 | CVE-2010-3494 | Race Condition vulnerability in G.Rodola Pyftpdlib Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492. | 4.3 |
2010-10-19 | CVE-2009-5013 | Resource Management Errors vulnerability in G.Rodola Pyftpdlib Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during a data transfer. | 4.0 |
2010-10-19 | CVE-2009-5012 | Permissions, Privileges, and Access Controls vulnerability in G.Rodola Pyftpdlib ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session. | 4.0 |
2010-10-19 | CVE-2009-5011 | Race Condition vulnerability in G.Rodola Pyftpdlib Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the getpeername function having an ENOTCONN error, a different vulnerability than CVE-2010-3494. | 4.3 |
2010-10-19 | CVE-2009-5010 | Race Condition vulnerability in G.Rodola Pyftpdlib Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, a different vulnerability than CVE-2010-3494. | 4.3 |
2010-10-19 | CVE-2008-7264 | Improper Input Validation vulnerability in G.Rodola Pyftpdlib The ftp_QUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows remote authenticated users to cause a denial of service (file descriptor exhaustion and daemon outage) by sending a QUIT command during a disallowed data-transfer attempt. | 4.0 |
2010-10-19 | CVE-2008-7263 | Improper Authentication vulnerability in G.Rodola Pyftpdlib ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack. | 7.5 |