本页列出影响 ftpshell ftpshell_server 的已公开 CVE 漏洞(通过 NVD CPE 关联)。每行包含严重程度评分、摘要与发布日期,便于识别与分析安全问题。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2018-25226 | FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the account name field. Attackers can trigger a denial of service by pasting a 417-byte payload into the 'Account name to ban' parameter within the Manage FTP Accounts interface. | [email protected] | 6.9 | 0.01% | 2026-03-30 | 2026-03-31 |
| CVE-2019-25619 | FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inject shellcode through the account name parameter in the Manage FTP Accounts dialog to overwrite the return address and execute calc.exe or other commands. | [email protected] | 8.6 | 0.01% | 2026-03-22 | 2026-04-03 |
| CVE-2020-18077 | A buffer overflow vulnerability in the Virtual Path Mapping component of FTPShell v6.83 allows attackers to cause a denial of service (DoS). | [email protected] | 7.5 | 0.37% | 2021-12-17 | 2024-11-21 |
| CVE-2009-0349 | Stack-based buffer overflow in FTPShell Server 4.3 allows user-assisted remote attackers to cause a denial of service (persistent daemon crash) and possibly execute arbitrary code via a long string in a licensing key (aka .key) file. | [email protected] | 9.3 | 25.86% | 2009-01-29 | 2026-04-23 |
| CVE-2005-2426 | FTPshell Server 3.38 allows remote authenticated users to cause a denial of service (application crash) by multiple connections and disconnections without using the QUIT command. | [email protected] | 2.1 | 1.11% | 2005-08-03 | 2026-04-16 |