exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Core FTP Server 1.2 Build 505 Code Execution

Core FTP Server 1.2 Build 505 Code Execution
Posted Feb 20, 2014
Authored by Kyriakos Economou | Site portcullis-security.com

Core FTP Server version 1.2 build 505 suffers from a local code execution vulnerability.

tags | advisory, local, code execution
advisories | CVE-2014-1215
SHA-256 | 64260d9a672fe5d35579393d66ab0047c1d1ed3a7ca49c30bcfd2138e3c204d5

Core FTP Server 1.2 Build 505 Code Execution

Change Mirror Download
Vulnerability title: Local Code Execution in CoreFTP Core FTP Server
CVE: CVE-2014-1215
Vendor: CoreFTP
Product: Core FTP Server
Affected version: v1.2 build 505
Fixed version: v1.2 build 508
Reported by: Kyriakos Economou

Details:
Core FTP Server v1.2 build 505 (latest version) and possibly earlier
versions, suffer from multiple buffer overflow vulnerabilities, when
reading data from the config.dat file and/or Windows Registry using the
lstrcpy and RegQueryValueEx functions without evaluating the size of the
data based on the size of the destination buffer, which can lead to
arbitrary code execution.
It is recommended to revise all code locations where the application
makes use of those functions.

Further details at:
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1215/

Copyright:
Copyright (c) Portcullis Computer Security Limited 2014, All rights
reserved worldwide. Permission is hereby granted for the electronic
redistribution of this information. It is not to be edited or altered in
any way without the express written consent of Portcullis Computer
Security Limited.

Disclaimer:
The information herein contained may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties, implied or otherwise, with regard to this information
or its use. Any use of this information is at the user's risk. In no
event shall the author/distributor (Portcullis Computer Security
Limited) be held liable for any damages whatsoever arising out of or in
connection with the use or spread of this information.
Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close