Selom Ofori: Security Vulnerabilities
BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, generates an "Account does not exist" error message when an invalid username is entered, which makes it easier for remote attackers to conduct brute force attacks.
CVSS Score
4.6
EPSS Score
0.002
Published
2003-05-21
BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, stores user names and passwords in plaintext in the blackmoon.mdb file, which can allow local users to gain privileges.
CVSS Score
4.6
EPSS Score
0.001
Published
2003-05-20
Buffer overflow in BlackMoon FTP Server 1.0 through 1.5 allows remote attackers to execute arbitrary code via a long argument to (1) USER, (2) PASS, or (3) CWD.
CVSS Score
7.5
EPSS Score
0.04
Published
2002-03-25