CyberSec.Space Logo
Back to CVE Browser

CVE-2004-0277

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1900%
EPSS Percentile37.45th
PublishedNov 23, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

Format string vulnerability in Dream FTP 1.02 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the username.

Affected Platforms (CPE)

πŸ“¦
Bolintech

Dream Ftp Server

= 1.02

References & Advisories

πŸ”— http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016871.html
πŸ”— http://marc.info/?l=bugtraq&m=107656166402882&w=2
πŸ”— http://www.security-protocols.com/modules.php?name=News&file=article&sid=1722
πŸ”— http://www.securityfocus.com/bid/9600
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/15070
πŸ”— http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016871.html
πŸ”— http://marc.info/?l=bugtraq&m=107656166402882&w=2
πŸ”— http://www.security-protocols.com/modules.php?name=News&file=article&sid=1722

Related Vulnerabilities

CVE-2007-03387.5

Heap-based buffer overflow in Dream FTP Server allows remote attackers to execute arbitrary code via a USER command with a large n...

CVE-2006-67244.0

BolinTech Dream FTP Server 1.02 allows remote authenticated users, including anonymous users, to cause a denial of service (applic...

CVE-2004-100610.0

Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via cer...

CVE-2004-041810.0

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow ...