Lucene search
K

6361 matches found

Packet Storm
Packet Storm
added 2026/05/29 12:0 a.m.63 views

📄 Wing FTP Server 8.1.3 Remote Code Execution

Wing FTP Server version 8.1.2 contains a remote code execution vulnerability in the session serialization mechanism. An authenticated administrator can inject arbitrary Lua code through the domain admin mydirectory basefolder field, which gets executed server-side via loadfile. Exploit Title: Win...

8.6CVSS6.5AI score0.02643EPSS
Exploits5
Exploit DB
Exploit DB
added 2026/05/29 12:0 a.m.82 views

Wing FTP Server 8.1.3 - Authenticated Remote Code Execution

Exploit Title: Wing FTP Server 8.1.3 - Authenticated Remote Code Execution Date: 12.05.2026 Exploit Author: Ünsal Furkan Harani Vendor Homepage: https://www.wftpserver.com/ Software Link: https://www.wftpserver.com/download.htm Version: v8.1.2 Tested on: Wing FTP Server = 8.1.2, fixed in 8.1.3 CV...

8.6CVSS5.8AI score0.02643EPSS
Exploits5
GithubExploit
GithubExploit
added 2026/05/24 6:5 p.m.139 views

Exploit for Improper Neutralization of Null Byte or NUL Character in Wftpserver Wing_Ftp_Server

CVE-2025-47812 — Wing FTP Server Unauth RCE rewrite Python...

10CVSS7.7AI score0.95343EPSS
Exploits23
GithubExploit
GithubExploit
added 2026/05/14 6:58 a.m.97 views

Exploit for CVE-2026-44403

Wing FTP Server v8.1.2 contains a Remote Code Execution RCE vu...

8.6CVSS6.1AI score0.02643EPSS
Exploits5
Cvelist
Cvelist
added 2026/05/13 8:14 p.m.70 views

CVE-2026-8328 FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address

The ftpcp function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv was patched to replace server-supplied PASV host addresses with the actual peer address getpeername0, ftpcp still calls parse227 directly and passes the raw attacker-controllable IP address and port t...

5.9CVSS0.00476EPSS
Exploits0References10
EUVD
EUVD
added 2026/05/12 9:31 p.m.10 views

EUVD-2026-29848

Wing FTP Server 8.1.2 contains an authenticated remote code execution vulnerability in the session serialization mechanism that allows authenticated administrators to inject arbitrary Lua code through the domain admin mydirectory field. Attackers can exploit unsafe serialization of session values...

8.6CVSS6.5AI score0.02643EPSS
Exploits5References3
Vulnrichment
Vulnrichment
added 2026/05/12 8:43 p.m.9 views

CVE-2026-44403 Wing FTP Server < 8.1.3 Authenticated Remote Code Execution via Session Serialization

Wing FTP Server before 8.1.3 contains an authenticated remote code execution vulnerability in the session serialization mechanism that allows authenticated administrators to inject arbitrary Lua code through the domain admin mydirectory field. Attackers can exploit unsafe serialization of session...

8.6CVSS6.5AI score0.02643EPSS
Exploits5References2
CVE
CVE
added 2026/05/12 8:43 p.m.33 views

CVE-2026-44403

Wing FTP Server 8.1.2 is affected: an authenticated remote code execution due to unsafe session serialization that injects Lua via the domain admin mydirectory field, leading to code execution when a poisoned session is loaded with loadfile(). Root cause: unsafe serialization of session values in...

8.6CVSS6.5AI score0.02643EPSS
Exploits5References2Affected Software1
Cvelist
Cvelist
added 2026/05/12 8:43 p.m.38 views

CVE-2026-44403 Wing FTP Server < 8.1.3 Authenticated Remote Code Execution via Session Serialization

Wing FTP Server before 8.1.3 contains an authenticated remote code execution vulnerability in the session serialization mechanism that allows authenticated administrators to inject arbitrary Lua code through the domain admin mydirectory field. Attackers can exploit unsafe serialization of session...

8.6CVSS0.02643EPSS
Exploits5References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 8:43 p.m.13 views

CVE-2026-44403

Wing FTP Server before 8.1.3 contains an authenticated remote code execution vulnerability in the session serialization mechanism that allows authenticated administrators to inject arbitrary Lua code through the domain admin mydirectory field. Attackers can exploit unsafe serialization of session...

8.6CVSS6.5AI score0.02643EPSS
Exploits5References3Affected Software1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.14 views

Wing FTP Server 代码注入漏洞

Wing FTP Server is an open-source, cross-platform FTP server software developed by Wing FTP Server. Version 8.1.2 of Wing FTP Server has a code injection vulnerability. This vulnerability stems from the session serialization mechanism, where the mydirectory field for domain administrators allows...

8.6CVSS6.1AI score0.02643EPSS
Exploits5References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.11 views

PT-2026-40434

Name of the Vulnerable Software and Affected Versions Wing FTP Server version 8.1.2 Description An authenticated remote code execution issue exists in the session serialization mechanism. Authenticated administrators can inject arbitrary Lua code through the domain admin mydirectory field. This...

8.6CVSS6.5AI score0.02643EPSS
Exploits5References7
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.8 views

HP Printer Buffer Overflow (CVE-2006-6742)

Multiple buffer overflows in FTP Print Server 2.4 and 2.4.5 in HP LaserJet 5000 Series printers with firmware R.25.15 or R.25.47, and HP LaserJet 5100 Series printers with firmware V.29.12, allow remote attackers to cause a denial of service device crash via a long string in the 1 LIST or 2 NLST...

7.8CVSS5.9AI score0.02909EPSS
Exploits0References2
NVD
NVD
added 2026/04/27 2:16 p.m.7 views

CVE-2026-6265

Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus FTP Server: 2026.1...

8.8CVSS0.0026EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/27 1:0 p.m.3 views

CVE-2026-6265 Local Privilege Escalation in Cerberus FTP Server =< 2025.4.2

Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus FTP Server: 2026.1...

7.3CVSS5.1AI score0.0026EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/27 1:0 p.m.9 views

CVE-2026-6265

Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus FTP Server: 2026.1...

7.3CVSS5.1AI score0.0026EPSS
Exploits1References3
CVE
CVE
added 2026/04/27 1:0 p.m.20 views

CVE-2026-6265

CVE-2026-6265 is a local privilege escalation in Cerberus FTP Server on Windows due to insecure preserved inherited permissions. The issue affects Cerberus FTP Server versions up to and including 2025.4.2 and is resolved in version 2026.1. The CVSS-derived metrics indicate a high impact with loca...

8.8CVSS5.1AI score0.0026EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.9 views

Cerberus FTP Server 安全漏洞

Cerberus FTP Server is a Windows-based FTP server from the American company Cerberus. It supports FTP sessions encrypted using FTPS and SFTP. Versions of Cerberus FTP Server prior to 2026.1 contained security vulnerabilities. These vulnerabilities stemmed from insecure inheritance of permissions,...

8.8CVSS5.8AI score0.0026EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.6 views

PT-2026-35415

Name of the Vulnerable Software and Affected Versions Cerberus FTP Server versions prior to 2026.1 Description Insecure preserved inherited permissions in Cerberus FTP Server on Windows allow for privilege escalation. Recommendations Update to version 2026.1...

8.8CVSS5.8AI score0.0026EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/04/24 3:28 a.m.4 views

CVE-2026-41324

basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised server can send an extremely large or never-ending listing response to...

7.5CVSS5.8AI score0.00332EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder