Ftp

FTP Shell Server 6.83 contains a buffer overflow vulnerability (CVE-2019-25619) in the 'Account name to ban' field, enabling a local attacker to execute arbitrary code by injecting shellcode through a crafted string in the Manage FTP Accounts dialog.

The basic-ftp library is vulnerable to a client-side denial of service. A malicious FTP server can send an unterminated multiline response during the initial FTP banner phase, before authentication, causing the client to buffer attacker-controlled data without limit.