Joachim Nilsson

4 exploits Active since Jul 2019
CVE-2019-14323 WRITEUP HIGH WRITEUP
SSDP Responder <1.5 - Buffer Overflow
SSDP Responder 1.x through 1.5 mishandles incoming network messages, leading to a stack-based buffer overflow by 1 byte. This results in a crash of the server, but only when strict stack checking is enabled. This is caused by an off-by-one error in ssdp_recv in ssdpd.c.
CVSS 7.5
CVE-2020-20276 WRITEUP CRITICAL WRITEUP
Troglobit Uftpd < 2.10 - Out-of-Bounds Write
An unauthenticated stack-based buffer overflow vulnerability in common.c's handle_PORT in uftpd FTP server versions 2.10 and earlier can be abused to cause a crash and could potentially lead to remote code execution.
CVSS 9.8
CVE-2020-5204 WRITEUP MEDIUM WRITEUP
Troglobit Uftpd < 2.11 - Buffer Overflow
In uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf() with user input based on the format specifier string %d.%d.%d.%d. The 16 byte size is correct for valid IPv4 addresses (len(&#39;255.255.255.255&#39;) == 16), but the format specifier %d allows more than 3 digits. This has been fixed in version 2.11
CVSS 6.5
CVE-2020-5221 WRITEUP MEDIUM WRITEUP
Troglobit Uftpd < 2.11 - Path Traversal
In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath(). This has been fixed in version 2.11
CVSS 6.5