汇总 filezilla 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
常见弱点模式包括 缓冲区溢出与拒绝服务,在 生产负载与软件部署 使用场景中可能带来 应用崩溃与内存损坏 等风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2007-2318 | Multiple format string vulnerabilities in FileZilla before 2.2.32 allow remote attackers to execute arbitrary code via format string specifiers in (1) FTP server responses or (2) data sent by an FTP server. NOTE: some of these details are obtained from third party information. | [email protected] | 9.3 | 4.50% | 2007-04-26 | 2026-04-23 |
| CVE-2007-0317 | Format string vulnerability in the LogMessage function in FileZilla before 3.0.0-beta5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted arguments. NOTE: some of these details are obtained from third party information. | [email protected] | 7.5 | 2.50% | 2007-01-18 | 2026-04-23 |
| CVE-2007-0315 | Multiple buffer overflows in FileZilla before 2.2.30a allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors related to (1) Options.cpp when storing settings in the registry, and (2) the transfer queue (QueueCtrl.cpp). NOTE: some of these details are obtained from third party information. | [email protected] | 9.3 | 3.97% | 2007-01-18 | 2026-04-23 |
| CVE-2006-6564 | FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a malformed argument to the STOR command, which results in a NULL pointer dereference. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command. | [email protected] | 4.0 | 5.73% | 2006-12-15 | 2026-04-23 |
| CVE-2006-2403 | Buffer overflow in FileZilla before 2.2.23 allows remote attackers to execute arbitrary commands via unknown attack vectors. | [email protected] | 7.5 | 2.43% | 2006-05-16 | 2026-04-16 |
| CVE-2006-2173 | Buffer overflow in FileZilla FTP Server 2.2.22 allows remote authenticated attackers to cause a denial of service and possibly execute arbitrary code via a long (1) PORT or (2) PASS followed by the MLSD command, or (2) the remote server interface, as demonstrated by the Infigo FTPStress Fuzzer. | [email protected] | 6.4 | 6.50% | 2006-05-04 | 2026-04-16 |
| CVE-2005-3589 | Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote attackers to cause a denial of service (terminal crash) via a long USER ftp command. | [email protected] | 7.8 | 52.86% | 2005-11-16 | 2026-04-16 |
| CVE-2005-2898 | NOTE: this issue has been disputed by the vendor. FileZilla 2.2.14b and 2.2.15, and possibly earlier versions, when "Use secure mode" is disabled, uses a weak encryption scheme to store the user's password in the configuration settings file, which allows local users to obtain sensitive information. NOTE: the vendor has disputed the issue, stating that "the problem is not a vulnerability at all, but in fact a fundamental issue of every single program that can store passwords transparently. | [email protected] | 4.6 | 0.50% | 2005-09-14 | 2026-04-16 |