Vulnerability Details : CVE-2006-2961
Public exploit exists!
Stack-based buffer overflow in CesarFTP 0.99g and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MKD command. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
Vulnerability category: Overflow, Execute code, Denial of service
Products affected by CVE-2006-2961
- cpe:2.3:a:aclogic:cesarftp:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-2961
77.03%
Probability of exploitation activity in the next 30 days
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2006-2961
- Cesar FTP 0.99g MKD Command Buffer Overflow
  Disclosure Date: 2006-06-12
  First seen: 2020-04-26
  exploit/windows/ftp/cesarftp_mkd
  This module exploits a stack buffer overflow in the MKD verb in CesarFTP 0.99g. You must have valid credentials to trigger this vulnerability. Also, you only get one chance, so choose your target carefully.
  Authors: MC <mc@metasploit.com>
CVSS scores for CVE-2006-2961
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
References for CVE-2006-2961
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27071
- http://www.securityfocus.com/bid/18586 (ACLogic CesarFTP Multiple Commands Remote Buffer Overflow Vulnerability)
- http://www.vupen.com/english/advisories/2006/2287