{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2010-20107", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-08-20T18:00:00.782Z", "datePublished": "2025-08-21T20:11:09.838Z", "dateUpdated": "2025-08-22T15:31:10.335Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "modules": ["FTP directory listing parser"], "product": "FTP Synchronizer Professional", "vendor": "Liuxz Software", "versions": [{"lessThanOrEqual": "4.0.73.274", "status": "affected", "version": "*", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "myne-us"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A stack-based buffer overflow exists in FTP Synchronizer Professional &lt;= v4.0.73.274. When the client connects to an FTP server and issues a LIST command\u2014typically during sync preview or profile creation\u2014the server\u2019s response containing an overly long filename triggers a buffer overflow. This results in the corruption of the Structured Exception Handler (SEH), potentially allowing remote code execution."}], "value": "A stack-based buffer overflow exists in FTP Synchronizer Professional <= v4.0.73.274. When the client connects to an FTP server and issues a LIST command\u2014typically during sync preview or profile creation\u2014the server\u2019s response containing an overly long filename triggers a buffer overflow. This results in the corruption of the Structured Exception Handler (SEH), potentially allowing remote code execution."}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.5, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-08-21T20:11:09.838Z"}, "references": [{"tags": ["exploit"], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/ftpsynch_list_reply.rb"}, {"tags": ["exploit"], "url": "https://www.exploit-db.com/exploits/16720"}, {"tags": ["technical-description", "exploit"], "url": "https://web.archive.org/web/20111016194057/https://www.corelan.be/index.php/2010/10/12/death-of-an-ftp-client/"}, {"tags": ["product"], "url": "https://www.ftpsynchronizer.com/"}, {"tags": ["product"], "url": "https://web.archive.org/web/20111016235434/http://www.ftpsynchronizer.com/"}, {"tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/ftp-synchronizer-professional-stack-buffer-overflow"}], "source": {"discovery": "UNKNOWN"}, "title": "FTP Synchronizer Professional <= 4.0.73.274 Stack Buffer Overflow", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"references": [{"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/ftpsynch_list_reply.rb", "tags": ["exploit"]}, {"url": "https://www.exploit-db.com/exploits/16720", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-22T15:31:06.892996Z", "id": "CVE-2010-20107", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-22T15:31:10.335Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2010-20107", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-22T15:31:06.892996Z"}}}], "references": [{"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/ftpsynch_list_reply.rb", "tags": ["exploit"]}, {"url": "https://www.exploit-db.com/exploits/16720", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-22T15:31:00.706Z"}}], "cna": {"title": "FTP Synchronizer Professional <= 4.0.73.274 Stack Buffer Overflow", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "myne-us"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Liuxz Software", "modules": ["FTP directory listing parser"], "product": "FTP Synchronizer Professional", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "4.0.73.274"}], "defaultStatus": "unknown"}], "references": [{"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/ftpsynch_list_reply.rb", "tags": ["exploit"]}, {"url": "https://www.exploit-db.com/exploits/16720", "tags": ["exploit"]}, {"url": "https://web.archive.org/web/20111016194057/https://www.corelan.be/index.php/2010/10/12/death-of-an-ftp-client/", "tags": ["technical-description", "exploit"]}, {"url": "https://www.ftpsynchronizer.com/", "tags": ["product"]}, {"url": "https://web.archive.org/web/20111016235434/http://www.ftpsynchronizer.com/", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/ftp-synchronizer-professional-stack-buffer-overflow", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow exists in FTP Synchronizer Professional <= v4.0.73.274. When the client connects to an FTP server and issues a LIST command\u2014typically during sync preview or profile creation\u2014the server\u2019s response containing an overly long filename triggers a buffer overflow. This results in the corruption of the Structured Exception Handler (SEH), potentially allowing remote code execution.", "supportingMedia": [{"type": "text/html", "value": "A stack-based buffer overflow exists in FTP Synchronizer Professional &lt;= v4.0.73.274. When the client connects to an FTP server and issues a LIST command\u2014typically during sync preview or profile creation\u2014the server\u2019s response containing an overly long filename triggers a buffer overflow. This results in the corruption of the Structured Exception Handler (SEH), potentially allowing remote code execution.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-08-21T20:11:09.838Z"}}}, "cveMetadata": {"cveId": "CVE-2010-20107", "state": "PUBLISHED", "dateUpdated": "2025-08-22T15:31:10.335Z", "dateReserved": "2025-08-20T18:00:00.782Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2025-08-21T20:11:09.838Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow exists in FTP Synchronizer Professional <= v4.0.73.274. When the client connects to an FTP server and issues a LIST command\u2014typically during sync preview or profile creation\u2014the server\u2019s response containing an overly long filename triggers a buffer overflow. This results in the corruption of the Structured Exception Handler (SEH), potentially allowing remote code execution."}, {"lang": "es", "value": "Existe un desbordamiento de b\u00fafer basado en la pila en FTP Synchronizer Professional (versi\u00f3n anterior a la v4.0.73.274). Cuando el cliente se conecta a un servidor FTP y emite un comando LIST (normalmente durante la vista previa de la sincronizaci\u00f3n o la creaci\u00f3n de un perfil), la respuesta del servidor, que contiene un nombre de archivo demasiado largo, provoca un desbordamiento de b\u00fafer. Esto provoca la corrupci\u00f3n del Gestor de Excepciones Estructuradas (GEH), lo que podr\u00eda permitir la ejecuci\u00f3n remota de c\u00f3digo."}], "id": "CVE-2010-20107", "lastModified": "2025-08-22T18:08:51.663", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2025-08-21T21:15:33.610", "references": [{"source": "disclosure@vulncheck.com", "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/ftpsynch_list_reply.rb"}, {"source": "disclosure@vulncheck.com", "url": "https://web.archive.org/web/20111016194057/https://www.corelan.be/index.php/2010/10/12/death-of-an-ftp-client/"}, {"source": "disclosure@vulncheck.com", "url": "https://web.archive.org/web/20111016235434/http://www.ftpsynchronizer.com/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/16720"}, {"source": "disclosure@vulncheck.com", "url": "https://www.ftpsynchronizer.com/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/ftp-synchronizer-professional-stack-buffer-overflow"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/ftpsynch_list_reply.rb"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://www.exploit-db.com/exploits/16720"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{}