Multiple buffer overflows in FlashFXP.exe in FlashFXP 4.2 allow remote authenticated users to execute arbitrary code via a long unicode string to (1) TListbox or (2) TComboBox.
Max CVSS
9.0
EPSS Score
25.59%
Published
2012-09-19
Updated
2017-08-29
FlashFXP 3.4.0 build 1145 allows remote servers to cause a denial of service (CPU consumption) via a response to a PWD command that contains a long string with deeply nested directory structure, possibly due to a buffer overflow.
Max CVSS
7.8
EPSS Score
0.95%
Published
2007-02-07
Updated
2017-10-19
FlashFXP 1.4 uses a weak encryption algorithm for user passwords, which allows attackers to decrypt the passwords and gain access.
Max CVSS
6.4
EPSS Score
0.12%
Published
2003-12-31
Updated
2017-07-29
FlashFXP 1.4 prints FTP passwords in plaintext when there are transfers in the queue, which allows attackers to obtain FTP passwords of other users by editing the queue properties.
Max CVSS
2.1
EPSS Score
0.05%
Published
2002-12-31
Updated
2008-09-05
4 vulnerabilities found