Search | Research | Contact Us Tuesday May 23, 2022
Most Viewed Items
  1 PHPXMLRPC Library Remote Code Execution
  2 Multiple Invision Power Board Vulnerabilities
  3 XOOPS 2.0.11 && Earlier Multiple Vulnerabilities
  4 eBay And Amazon Still Vulnerable
  5 When Small Mistakes Can Cause Big Problems
  6 Woltlab Burning Board SQL Injection Vulnerability
  7 WordPress And Earlier Multiple Vulnerabilities
  8 PEAR XML_RPC Library Remote Code Execution
  9 Multiple Vulnerabilities In phpWebsite
10 Document Object Model Hijacking Explained
Need Secure Code?
Quick Search
You can use the form below to search our site. Just enter the keywords to search.
Home Services Archives Research Downloads Contact
Vulns In Pablo Software Solutions FTP Service 1.2
June 03, 2022
Vendor : Pablo Software Solutions
Version : FTP Service 1.2
Risk : Information Disclosure & Unauthorized Access

FTPService.exe is a service-version of Pablo's FTP Server. This service enables you to have the FTP server active even when you're not logged into Windows.

Anonymous Access
The anonymous account is by default set to have download access to anything in the C:\ directory. While this can be disabled by simply deleting the anonymous account, it poses a serious threat for anyone not aware of the problem.


In conclusion this application is totally open to complete compromise by default. Vendor was notified and plans on releasing a fix soon.

Plaintext Password Weakness:
User info is stored in users.dat in plaintext. If the anonymous account is present (it is by default) the entire FTP server can be compromised

ftp://somewhere/program files/pablo's ftp service/users.dat

Upgrade your version of Pablo FTP Service.

James Bercegay of the GulfTech Security Research Team.