CVE-2026-48858

The CVE-2026-48858 entry describes a Server-Side Request Forgery (SSRF) flaw in Erlang/OTP ftp’s PASV path: the ftp_internal PASV handler accepts the server’s 227 response IP and passes it to gen_tcp:connect without validating it against the control connection peer, unlike EPSV handlers. This ena...

EUVD-2026-36055

Server-Side Request Forgery SSRF vulnerability in Erlang/OTP ftp ftpinternal module allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The ftpinternal:handlectrlresult/2 PASV handler mode=passive, ipfamily=inet, ftpextension=false extracts the IP address from the...

CVE-1999-0017

FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce...

EUVD-2010-0021

Malware in sbrugna...

EUVD-2000-0807

Malware in sbrugna...

EUVD-2017-6729

Malware in sbrugna...

EUVD-2005-1648

Malware in sbrugna...

EUVD-1999-0017

Malware in sbrugna...

EUVD-2008-0313

Malware in sbrugna...

EUVD-2002-0533

Malware in sbrugna...

EUVD-2006-2113

Malware in sbrugna...

EUVD-2025-9667

Malicious code in bioql PyPI...

CVE-2007-6741

The ftpPORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via...

CVE-2025-25061

Unintended proxy or intermediary 'Confused Deputy' issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to use the product as an intermediary for FTP bounce attack...

CVE-2025-25061

Unintended proxy or intermediary 'Confused Deputy' issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to use the product as an intermediary for FTP bounce attack...

CVE-2025-25061

Unintended proxy or intermediary 'Confused Deputy' issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to use the product as an intermediary for FTP bounce attack...

CVE-2025-25061

CVE-2025-25061 affects JTEKT/HMI ViewJet C-more and HMI GC-A2 series. Description: an unintended proxy/intermediary (Confused Deputy) vulnerability could allow a remote unauthenticated attacker to use the product as an intermediary for an FTP bounce attack. Impact: attacker may misuse the product...

CVE-2025-25061

Unintended proxy or intermediary 'Confused Deputy' issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to use the product as an intermediary for FTP bounce attack...

PT-2025-14826 · Unknown · Hmi Gc-A2 Series +1

Name of the Vulnerable Software and Affected Versions: HMI ViewJet C-more series affected versions not specified HMI GC-A2 series affected versions not specified Description: The issue is related to an unintended proxy or intermediary problem, also known as 'Confused Deputy', which may allow a...

Improper privilege management in pyftpdlib

The ftpPORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via...