Vendor: GoldenFTP
By: Craig Freyman (cd1zz) and Gerardo Iglesias Galvan (iglesiasgg)
CVSS: 7.5 (HIGH)
Buffer Overflow
CWE: 119
Product Name: GoldenFTP
Affected Version From: 4.7
Affected Version To: 4.7
Patch Exists: NO
Related CWE:
CPE: a:goldenftp_project:goldenftp:4.70
Metasploit:
Other Scripts:
Platforms Tested: Windows XP SP3
2011

GoldenFTP 4.70 PASS Exploit

This exploit targets GoldenFTP version 4.70 and allows an attacker to gain unauthorized access to the server. By sending a specially crafted password (PASS command), an attacker can trigger a buffer overflow vulnerability, potentially leading to remote code execution. The exploit requires knowledge of the server's subnet and certain settings to be enabled. It has been tested on Windows XP SP3.

Mitigation:

Upgrade to a patched version of GoldenFTP.

Exploit-DB raw data: