Test ID:	1.3.6.1.4.1.25623.1.0.800546
Category:	FTP
Title:	Null FTP Server SITE Command Execution Vulnerability
Summary:	Check for the Version of NULL FTP Server
Description:	Overview: This host has Null FTP Server installed and is prone to arbitrary code execution vulnerability. Vulnerability Insight: An error is generated while handling custom SITE command containing shell metacharacters such as & (ampersand) as a part of an argument. Impact: Successful exploitation will allow attacker to execute arbitrary codes in the context of the application. Impact Level: Application Affected Software/OS: NULL FTP Server Free and Pro version prior to 1.1.0.8 on Windows Fix: Upgarde to the latest version 1.1.0.8 or later http://www.vwsolutions.com/NullFTPServer/ References: http://secunia.com/advisories/32999 http://www.milw0rm.com/exploits/7355 http://xforce.iss.net/xforce/xfdb/47099
Cross-Ref:	BugTraq ID: 32656 Common Vulnerability Exposure (CVE) ID: CVE-2008-6534 http://www.milw0rm.com/exploits/7355 http://vuln.sg/nullftpserver1107-en.html http://www.securityfocus.com/bid/32656 http://www.osvdb.org/50486 http://secunia.com/advisories/32999 http://www.vupen.com/english/advisories/2008/3367 XForce ISS Database: nullftpserver-site-command-execution(47099) http://xforce.iss.net/xforce/xfdb/47099
Copyright	Copyright (C) 2009 Greenbone Networks GmbH

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: