Wingate 4.1 Beta A and below allows users with access to read the logs to read any file on the filesystem by encoding the URL with escape codes, bypassing input validation. Includes wgate41a.c, proof of concept code. Fix available here.
d911de7376362eaa57534d66e1363dca6a222e4eac2a3b3c940f8173fb80d190
There is a vulnerability in the Wingate engine that allows a malicious user to disable all services to the engine by sending an abnormal string to the enabled Winsock Redirecter Service. Wingate Home/Standard/Pro version 4.0.1 is vulnerable. The problem has been addressed in Wingate 4.1 Beta A.
adfb54633be316c75b5176b75c94c600197e9e47ad32afe8556a55aab94d4477
WFTPD/WFTPD Pro 2.41 RC12 devulges sensitive information by revealing the full path of the current directory. This is fixed in WFTPD/WFTPD Pro 2.41 RC13. Exploit details included.
193366b65a5b1cdd836be3470f4aa6808039ca44452fe3c05bb6a2925d08ca56
WFTPD/WFTPD Pro 2.41 RC12 contains a remote denial of service vulnerability which does not require a valid login/password. Perl exploit code included.
2ce2075c4946300317f659cb6ce029291184ad6df10f2c8ceaee2b6620d0efc2
FTP Serv-U 2.5e for Windows will stack fault if sent a string containing a large number of null bytes. The system Serv-U is running on may become sluggish/unstable and eventually bluescreen. A valid user/pass combination is not required to take advantage of this vulnerability. Perl proof of exploit code included.
3b7e71c07f801ae031ed4432adb13b794ae79a828e784b4fce4045c0749b45b7
WFTPD/WFTPD Pro 2.41 RC11 contains four remote denial of service vulnerabilities. Perl proof of concept code included for each.
f66747fe1c3efb7f98a0b76e20c56baf2efea4d7adf3ae8f603bfb1fcc4364e6
WFTPD and WFTPD Pro 2.41 RC10 are vulnerable to a dos attack which requires a valid account. An out of sequence RNTO command will cause WFTPD to crash. Perl exploit included.
197ff2faeb06d92d06fab0c053ca625b8fc4adc1e1873cc553d55608365fabf5
iMesh 1.02 builds 116 and 177 for Windows are vulnerable to a buffer overflow that can be exploited to execute arbitrary code. Once iMesh connects to a server, it begins listening on a TCP port (varies). An attacker can connect to this port and cause an overflow which will overwrite EIP, effectively redirecting the flow of execution.
7e6502a1050bf172ba5bec4d156f3a8bc7a2d4a1cece70a84fffcb07c167cf9c