CVE-2011-10005

EasyFTP MKD Command buffer overflow

CVSS 6.3 MEDIUMEPSS 3.5%CWE-120

Vexday Risk Score

28Low

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 6.3EPSS 3.5%KEV nãoPoC —Nuclei —Metasploit simPatch —

Lifecycle

04 Apr 2010Metasploit module available

16 Jan 2024Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

A vulnerability, which was classified as critical, was found in EasyFTP 1.7.0.2. Affected is an unknown function of the component MKD Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250716.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Affected products

n/a · EasyFTP

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://vuldb.com/?ctiid.250716 https://vuldb.com/?id.250716 https://www.exploit-db.com/exploits/17354