Dmnt

**Name of the Vulnerable Software and Affected Versions** RaidenFTPD version 2.4 build 3620 **Description** The issue is a stack-based buffer overflow that allows remote authenticated users to cause a denial of service or execute arbitrary code. This can be achieved by sending long commands, specifically the `CWD` and `MLST` commands. **Recommendations** For RaidenFTPD version 2.4 build 3620, consider restricting access to the `CWD` and `MLST` commands until a patch is available. As a temporary workaround, limit the length of input for these commands to prevent buffer overflow exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Titan FTP Server version 6.26 build 630 **Description** The issue allows remote attackers to cause a denial of service, specifically CPU consumption, by utilizing the SITE WHO command. **Recommendations** For Titan FTP Server version 6.26 build 630, consider disabling the SITE WHO command as a temporary workaround to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WinFTP FTP Server version 2.3.0 **Description** The issue allows remote authenticated users to cause a denial of service when passive mode is used. This can be achieved via a sequence of FTP sessions that include an invalid `NLST -1` command. **Recommendations** For WinFTP FTP Server version 2.3.0, consider disabling the passive mode as a temporary workaround until a patch is available. Restrict access to the FTP server to minimize the risk of exploitation. Avoid using the `NLST` command with invalid parameters in the affected FTP sessions until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** GuildFTPd version 0.999.14 **Description** The issue allows remote attackers to cause a denial of service, potentially leading to a crash, and possibly execute arbitrary code. This is achieved by sending long arguments to the `CWD` and `LIST` commands, which triggers heap corruption due to an improper free call. The corruption may also lead to a heap-based buffer overflow. **Recommendations** For GuildFTPd version 0.999.14, consider restricting access to the `CWD` and `LIST` commands until a fix is available. As a temporary workaround, limiting the length of arguments to these commands may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Serv-U versions 7.0.0.1 through 7.3 Description: The issue allows remote authenticated users to cause a denial of service, specifically CPU consumption, by sending a crafted stou command. This is likely related to the handling of MS-DOS device names. An example of such a crafted command includes using "con:1". Recommendations: For Serv-U versions 7.0.0.1 through 7.3, consider restricting access to the stou command as a temporary workaround until a patch is available. Avoid using MS-DOS device names in commands to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Serv-U versions 7.0.0.1 through 7.3 Description: The issue allows remote authenticated users to overwrite or create arbitrary files via a .. (dot dot backslash) in the RNTO command, which is a directory traversal vulnerability in the FTP server. Recommendations: For Serv-U versions 7.0.0.1 through 7.3, consider restricting access to the RNTO command until a patch is available, and avoid using the .. (dot dot backslash) sequence in the command to minimize the risk of exploitation.