Search found 3 matches
- 2011-10-19 16:05
- Forum: FileZilla Server Support
- Topic: Filezilla Vulnerability
- Replies: 7
- Views: 5968
Re: Filezilla Vulnerability
Generally when performing a penetration test on production systems we turn off the check-box which would perform an actual attack as a courtesy to our clients. We don't actually want to destroy anything, just find the holes and plug them... We can assume that FileZilla uses the same input buffer bef...
- 2011-10-18 20:51
- Forum: FileZilla Server Support
- Topic: Filezilla Vulnerability
- Replies: 7
- Views: 5968
Re: Filezilla Vulnerability
Plugin Output Nessus sent the following two commands in a single packet : AUTH TLS\r\nFEAT\r\n And the server sent the following two responses : 234 Using authentication type TLS 211-Features: MDTM REST STREAM SIZE MODE Z MLST type*;size*;modify*; MLSD AUTH SSL AUTH TLS UTF8 CLNT MFMT 211 End Descri...
- 2011-10-17 16:10
- Forum: FileZilla Server Support
- Topic: Filezilla Vulnerability
- Replies: 7
- Views: 5968
Filezilla Vulnerability
I was performing a penetration test using Nessus on a client with a FileZilla server and I got the following medium severity event: FTP Service AUTH TLS Plaintext Command Injection. I instructed my client to upgrade their FileZilla server to the latest version and he did so. I then re-ran the test and ...