Refine your search
3 vulnerabilities found for BulletProof FTP Server by Bpftpserver
CVE-2018-25229 (GCVE-0-2018-25229)
Vulnerability from cvelistv5
Published
2026-03-30 11:02
Modified
2026-03-30 11:23
Severity ?
6.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-1282 - Assumed-Immutable Data is Stored in Writable Memory
Summary
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the SMTP configuration interface that allows local attackers to crash the application by supplying an oversized string. Attackers can input a buffer of 257 'A' characters in the SMTP Server field and trigger a crash by clicking the Test button.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bpftpserver | BulletProof FTP Server |
Version: 2019.0.0.50 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-25229",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-30T11:23:45.685679Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T11:23:59.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BulletProof FTP Server",
"vendor": "Bpftpserver",
"versions": [
{
"status": "affected",
"version": "2019.0.0.50"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Victor Mondrag\u00f3n"
}
],
"datePublic": "2018-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the SMTP configuration interface that allows local attackers to crash the application by supplying an oversized string. Attackers can input a buffer of 257 \u0027A\u0027 characters in the SMTP Server field and trigger a crash by clicking the Test button."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1282",
"description": "Assumed-Immutable Data is Stored in Writable Memory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T11:02:21.772Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-46422",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46422"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://bpftpserver.com/"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "http://bpftpserver.com/products/bpftpserver/windows/download"
},
{
"name": "VulnCheck Advisory: BulletProof FTP Server 2019.0.0.50 Denial of Service via SMTP",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/bulletproof-ftp-server-denial-of-service-via-smtp"
}
],
"title": "BulletProof FTP Server 2019.0.0.50 Denial of Service via SMTP",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25229",
"datePublished": "2026-03-30T11:02:21.772Z",
"dateReserved": "2026-03-30T10:55:16.091Z",
"dateUpdated": "2026-03-30T11:23:59.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-25588 (GCVE-0-2019-25588)
Vulnerability from cvelistv5
Published
2026-03-22 00:11
Modified
2026-03-24 15:14
Severity ?
6.9 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
VLAI Severity ?
EPSS score ?
CWE
- CWE-1282 - Assumed-Immutable Data is Stored in Writable Memory
Summary
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a buffer of 700 bytes to trigger a crash when the Test function is invoked.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bpftpserver | BulletProof FTP Server |
Version: 2019.0.0.50 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25588",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-24T14:01:17.488103Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T15:14:57.186Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BulletProof FTP Server",
"vendor": "Bpftpserver",
"versions": [
{
"status": "affected",
"version": "2019.0.0.50"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Victor Mondrag\u00f3n"
}
],
"datePublic": "2019-05-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a buffer of 700 bytes to trigger a crash when the Test function is invoked."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1282",
"description": "Assumed-Immutable Data is Stored in Writable Memory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-22T00:15:31.176Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-46875",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46875"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://bpftpserver.com/"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "http://bpftpserver.com/products/bpftpserver/windows/download"
},
{
"name": "VulnCheck Advisory: BulletProof FTP Server 2019.0.0.50 Denial of Service via DNS Address",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/bulletproof-ftp-server-denial-of-service-via-dns-address"
}
],
"title": "BulletProof FTP Server 2019.0.0.50 Denial of Service via DNS Address",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25588",
"datePublished": "2026-03-22T00:11:09.625Z",
"dateReserved": "2026-03-21T16:46:27.878Z",
"dateUpdated": "2026-03-24T15:14:57.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-25587 (GCVE-0-2019-25587)
Vulnerability from cvelistv5
Published
2026-03-22 00:11
Modified
2026-03-23 19:51
Severity ?
6.9 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-1282 - Assumed-Immutable Data is Stored in Writable Memory
Summary
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessively long string value. Attackers can enable the Override Storage-Path setting and paste a buffer of 500 bytes or more to trigger an application crash when saving the configuration.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bpftpserver | BulletProof FTP Server |
Version: 2019.0.0.50 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25587",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T19:50:27.485221Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T19:51:45.392Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BulletProof FTP Server",
"vendor": "Bpftpserver",
"versions": [
{
"status": "affected",
"version": "2019.0.0.50"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Victor Mondrag\u00f3n"
}
],
"datePublic": "2019-05-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessively long string value. Attackers can enable the Override Storage-Path setting and paste a buffer of 500 bytes or more to trigger an application crash when saving the configuration."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1282",
"description": "Assumed-Immutable Data is Stored in Writable Memory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-22T00:15:30.440Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-46876",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46876"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://bpftpserver.com/"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "http://bpftpserver.com/products/bpftpserver/windows/download"
},
{
"name": "VulnCheck Advisory: BulletProof FTP Server 2019.0.0.50 Storage-Path Denial of Service",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/bulletproof-ftp-server-storage-path-denial-of-service"
}
],
"title": "BulletProof FTP Server 2019.0.0.50 Storage-Path Denial of Service",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25587",
"datePublished": "2026-03-22T00:11:08.855Z",
"dateReserved": "2026-03-21T16:46:16.106Z",
"dateUpdated": "2026-03-23T19:51:45.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}