Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2005-2898

EPSS 0.50% · P39

Public Exploits 1

ExploitDB · 1 EDB-26220 [dos]
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2005-2898

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
NOTE: this issue has been disputed by the vendor. FileZilla 2.2.14b and 2.2.15, and possibly earlier versions, when "Use secure mode" is disabled, uses a weak encryption scheme to store the user's password in the configuration settings file, which allows local users to obtain sensitive information. NOTE: the vendor has disputed the issue, stating that "the problem is not a vulnerability at all, but in fact a fundamental issue of every single program that can store passwords transparently.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
FileZilla FTP客户端硬编码密钥漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
FileZilla是一款Windows平台的开放源码FTP/SFTP客户端。 FileZilla将配置设置保存在XML文件或Windows注册表中,具体取决于安装时用户的偏好。但任何一种保存方式都是将除口令以外的配置设置以明文保存的,而口令是以很弱的XOR加密保存的,很容易恢复。XOR加密方法总是使用相同的硬编码加密密钥,任何人都可以分析应用程序的源码找到密钥。注意:这个漏洞厂商存在争议。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2005-2898

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2005-2898

登录查看更多情报信息。

Vendor Advisories for CVE-2005-2898 (2)

Mailing List Discussions for CVE-2005-2898 (2)

Other References for CVE-2005-2898 (1)

Same Patch Batch · n/a · 2005-09-14 · 32 CVEs total

CVE-2005-2892PBLang SetCookie.PHP目录遍历漏洞
CVE-2005-2916Linksys WRT54G用户身份认证绕过漏洞
CVE-2005-2915Linksys WRT54G ezconfig.asp弱编码漏洞
CVE-2005-2914Linksys WRT54G配置信息泄露漏洞
CVE-2005-2912Linksys WRT54G拒绝服务漏洞
CVE-2005-2904Zebedee远程拒绝服务漏洞
CVE-2005-2903Eset NOD32 ARJ 文档处理远程缓冲区溢出漏洞
CVE-2005-2902Class-1 Forum SQL注入漏洞
CVE-2005-2901CJ Web2Mail多个跨站点脚本漏洞
CVE-2005-2900CJ LinkOut Top.PHP跨站点脚本漏洞
CVE-2005-2899CJ Tag Board多个跨站点脚本漏洞
CVE-2005-2897WEB//NEWS信息泄露漏洞
CVE-2005-2896Stylemotion WEB//NEWS多个远程SQL注入漏洞
CVE-2005-2895PBLang setcookie.php信息泄露漏洞
CVE-2005-2894PBLang跨站脚本漏洞
CVE-2005-2893PBLang setcookie.php 静态代码注入漏洞
CVE-2005-1913Linux Kernel Subthread Exec本地拒绝服务漏洞
CVE-2005-2891CSystems WebArchiveX ActiveX组件任意文件读写漏洞
CVE-2005-2890SecureOL VE2物理内存安全环境访问绕过漏洞
CVE-2005-2889Check Point NGX "CIFS"规则限制绕过漏洞

Showing top 20 of 32 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

V. Comments for CVE-2005-2898

No comments yet


Leave a comment