Ftpshell: Security Vulnerabilities
FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the account name field. Attackers can trigger a denial of service by pasting a 417-byte payload into the 'Account name to ban' parameter within the Manage FTP Accounts interface.
CVSS Score: 6.9 | EPSS Score: 0.0 | Published: 2026-03-30
FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inject shellcode through the account name parameter in the Manage FTP Accounts dialog to overwrite the return address and execute calc.exe or other commands.
CVSS Score: 8.6 | EPSS Score: 0.0 | Published: 2026-03-22
A buffer overflow vulnerability in the Virtual Path Mapping component of FTPShell v6.83 allows attackers to cause a denial of service (DoS).
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2021-12-17
An issue was discovered in FTPShell Client 6.7. A remote FTP server can send 400 characters of 'F' in conjunction with the FTP 220 response code to crash the application; after this overflow, one can run arbitrary code on the victim machine. This is similar to CVE-2009-3364 and CVE-2017-6465.
CVSS Score: 9.8 | EPSS Score: 0.78 | Published: 2018-03-01
Remote Code Execution was discovered in FTPShell Client 6.53. By default, the client sends a PWD command to the FTP server it is connecting to; however, it doesn't check the response's length, leading to a buffer overflow situation.
CVSS Score: 9.8 | EPSS Score: 0.805 | Published: 2017-03-10
Stack-based buffer overflow in FTPShell Client 4.1 RC2 allows remote FTP servers to execute arbitrary code via a long response to a PASV command.
CVSS Score: 9.3 | EPSS Score: 0.064 | Published: 2009-09-24
Stack-based buffer overflow in FTPShell Server 4.3 allows user-assisted remote attackers to cause a denial of service (persistent daemon crash) and possibly execute arbitrary code via a long string in a licensing key (aka .key) file.
CVSS Score: 9.3 | EPSS Score: 0.259 | Published: 2009-01-29
FTPshell Server 3.38 allows remote authenticated users to cause a denial of service (application crash) by multiple connections and disconnections without using the QUIT command.
CVSS Score: 2.1 | EPSS Score: 0.011 | Published: 2005-08-03

