278 matches found

Nuclei
added yesterday, 91 views

CrushFTP VFS - Sandbox Escape LFR

VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox. id: CVE-2024-4040 info: name: CrushFTP VFS - Sandbox Escape LFR author: DhiyaneshDK,pussycat0x severity:...

CVSS 10, AI score 7.2, EPSS 0.99539
Exploits 22, References 4

Nuclei
added yesterday, 48 views

CrushFTP - Authentication Bypass

CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability that may result in unauthenticated access. Remote and unauthenticated HTTP requests to CrushFTP may allow attackers to gain unauthorized access. id: CVE-2025-31161 info: name: CrushFTP - Authenticati...

CVSS 9.8, AI score 7.6, EPSS 0.99963
Exploits 16, References 4

Nuclei
added 4 days ago, 210 views

CrushFTP < 10.5.1 - Unauthenticated Remote Code Execution

CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes. id: CVE-2023-43177 info: name: CrushFTP 10.5.1 - Unauthenticated Remote Code Execution author: iamnoooob,rootxharsh,pdresearch severity: critical description: | CrushFTP prior...

CVSS 9.8, AI score 7.5, EPSS 0.81801
Exploits 7, References 5

GithubExploit
added 2026/05/08 8:36 a.m., 113 views

Exploit for Code Injection in Crushftp

CVE-2024-4040 — CrushFTP SSTI / LFI Proof of Concept For...

CVSS 10, AI score 6.2, EPSS 0.99539
Exploits 22

Positive Technologies
added 2026/05/02 12:0 a.m., 9 views

PT-2026-36613

Date: May 2, 2026 Status: ACTIVE GLOBAL EXPLOITATION / MASSIVE RCE WAVE Target: CrushFTP Enterprise Managed File Transfer All versions prior to 11.1.0 Severity: 10.0 MAXIMUM CRITICAL Unauthenticated Remote Code Execution / VFS Escape 1. Analysis: Why "VFS-Shatter" is Today’s Apex Threat While the...

AI score 6.3
Exploits 0, References 1

GithubExploit
added 2026/02/23 12:42 a.m., 137 views

Exploit for Authentication Bypass by Primary Weakness in Crushftp

CVE-2025-3116...

CVSS 9.8, AI score 8.6, EPSS 0.99963
Exploits 16

GithubExploit
added 2026/02/20 1:40 p.m., 134 views

Exploit for Authentication Bypass by Primary Weakness in Crushftp

No d...

CVSS 9.8, AI score 5.4, EPSS 0.99963
Exploits 16

GithubExploit
added 2026/01/27 12:10 p.m., 158 views

Exploit for Unprotected Alternate Channel in Crushftp

C...

CVSS 9.8, AI score 7.3, EPSS 0.92034
Exploits 7

GithubExploit
added 2026/01/11 12:59 p.m., 162 views

Exploit for Authentication Bypass by Primary Weakness in Crushftp

CVE-2025-31161 is a critical severity vulnerability allowing att...

CVSS 9.8, AI score 9.7, EPSS 0.99963
Exploits 16

RedhatCVE
added 2026/01/09 12:40 p.m., 9 views

CVE-2023-43177

CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes...

CVSS 9.8, AI score 6.8, EPSS 0.81801
Exploits 7, References 1

RedhatCVE
added 2026/01/09 12:9 p.m., 5 views

CVE-2018-18288

CrushFTP through 8.3.0 is vulnerable to credentials theft via URL redirection...

CVSS 6.1, AI score 6.9, EPSS 0.00642
Exploits 0, References 1

GithubExploit
added 2025/12/06 10:12 a.m., 172 views

Exploit for Unprotected Alternate Channel in Crushftp

CrushFTP AS2 Authentication Bypass Research !CVSS Scoreht...

CVSS 9.8, AI score 7.4, EPSS 0.92034
Exploits 7

GithubExploit
added 2025/11/27 7:10 a.m., 175 views

Exploit for CVE-2025-63420

CVE-2025-63420 CrushFTP11 before 11.3.757 is vulnerable to s...

CVSS 4.1, AI score 6.7, EPSS 0.0023
Exploits 2

RedhatCVE
added 2025/11/13 7:11 a.m., 4 views

CVE-2025-63419

Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.648. The Web-Based Server has a feature where users can share files; the feature reflects the filename to an emailbody field with no sanitization, leading to HTML Injection...

CVSS 6.1, AI score 5.9, EPSS 0.002
Exploits 1, References 1

EUVD
added 2025/11/12 6:31 p.m., 4 views

EUVD-2025-131917

Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.648. The Web-Based Server has a feature where users can share files; the feature reflects the filename to an emailbody field with no sanitization, leading to HTML Injection...

CVSS 6.1, AI score 5.4, EPSS 0.002
Exploits 1, References 3

OSV
added 2025/11/12 5:15 p.m., 4 views

CVE-2025-63419

Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.648. The Web-Based Server has a feature where users can share files; the feature reflects the filename to an emailbody field with no sanitization, leading to HTML Injection...

CVSS 6.1, AI score 5.8, EPSS 0.002
Exploits 1, References 2

NVD
added 2025/11/12 5:15 p.m., 3 views

CVE-2025-63419

Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.648. The Web-Based Server has a feature where users can share files; the feature reflects the filename to an emailbody field with no sanitization, leading to HTML Injection...

CVSS 6.1, EPSS 0.002
Exploits 1, References 2

CNNVD
added 2025/11/12 12:0 a.m., 3 views

CrushFTP Security Vulnerability

CrushFTP is a file transfer server from CrushFTP, Inc. A security vulnerability exists in CrushFTP version 11.3.648, which stems from the web server file sharing feature not cleaning up filenames, and could lead to cross-site scripting attacks...

CVSS 6.1, AI score 6, EPSS 0.002
Exploits 1, References 2

CVE
added 2025/11/12 12:0 a.m., 8 views

CVE-2025-63419

Summary: CVE-2025-63419 affects CrushFTP 11.3.6_48. The web-based server’s file sharing feature reflects the filename into an emailBody field without sanitization, enabling HTML injection through an XSS vulnerability. Affected: CrushFTP Web-Based Server (CrushFTP 11.3.6_48). Impact/Notes: XSS via...

CVSS 6.1, AI score 5.5, EPSS 0.002
Exploits 1, References 2, Affected Software 1

Cvelist
added 2025/11/12 12:0 a.m., 5 views

CVE-2025-63419

Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.648. The Web-Based Server has a feature where users can share files; the feature reflects the filename to an emailbody field with no sanitization, leading to HTML Injection...

EPSS 0.002
Exploits 1, References 2