Lucene search
K

6363 matches found

Nuclei
Nuclei
added yesterday75 views

Wing FTP Server <= 7.4.3 - Path Disclosure via Overlong UID Cookie

Wing FTP Server versions prior to 7.4.4 are vulnerable to an authenticated information disclosure vulnerability CVE-2025-47813. The vulnerability occurs due to improper validation of the 'UID' session cookie in the /loginok.html endpoint. Supplying an overlong UID value causes the server to respo...

10CVSS6.8AI score0.95343EPSS
Exploits24References2
Metasploit
Metasploit
added 6 days ago19 views

FTP Fetch, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)

Fetch and execute an x86 payload from an FTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/ftp/x86/dllinject/reversetcprc4dns msf payloadreversetcprc4dns show actions ...actions... msf payloadreversetcprc4dns set ACTION msf payloadreversetcprc4dns show options...

6.2AI score
Exploits0
Metasploit
Metasploit
added 6 days ago25 views

FTP Fetch, Reverse TCP Stager (DNS)

Fetch and execute an x86 payload from an FTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/ftp/x86/patchupmeterpreter/reversetcpdns msf payloadreversetcpdns show actions ...actions... msf payloadreversetcpdns set ACTION msf payloadreversetcpdns show options ...sh...

6.2AI score
Exploits0
Metasploit
Metasploit
added 6 days ago26 views

FTP Fetch, Windows Meterpreter Shell, Bind Named Pipe Inline

Fetch and execute an x86 payload from an FTP server. Connect to victim and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/ftp/x86/meterpreterbindnamedpipe msf payloadmeterpreterbindnamedpipe show actions ...actions... msf...

6.2AI score
Exploits0
Metasploit
Metasploit
added 6 days ago15 views

FTP Fetch

Fetch and execute an x64 payload from an FTP server. Module Options msf use payload/cmd/windows/ftp/x64/downloadexec msf payloaddownloadexec show actions ...actions... msf payloaddownloadexec set ACTION msf payloaddownloadexec show options ...show and set options... msf payloaddownloadexec run Th...

6.2AI score
Exploits0
Metasploit
Metasploit
added 6 days ago13 views

FTP Fetch

Fetch and execute an x64 payload from an FTP server. Module Options msf use payload/cmd/linux/ftp/x64/meterpreterreversehttp msf payloadmeterpreterreversehttp show actions ...actions... msf payloadmeterpreterreversehttp set ACTION msf payloadmeterpreterreversehttp show options ...show and set...

6.2AI score
Exploits0
Metasploit
Metasploit
added 6 days ago14 views

FTP Fetch, Reverse TCP Stager

Fetch and execute an AARCH64 payload from an FTP server. Connect back to the attacker Module Options msf use payload/cmd/linux/ftp/aarch64/meterpreter/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set...

6.2AI score
Exploits0
Nuclei
Nuclei
added 2026/06/23 5:8 a.m.385 views

Wing FTP Server <= 7.4.3 - Remote Code Execution

Wing FTP Server versions prior to 7.4.4 are vulnerable to an unauthenticated remote code execution RCE flaw CVE-2025-47812. The vulnerability arises from improper NULL byte handling in the 'username' parameter during login, which allows Lua code injection into session files. These injected sessio...

10CVSS7.7AI score0.95343EPSS
Exploits23References2
NVD
NVD
added 2026/06/11 7:16 a.m.16 views

CVE-2026-40987

A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem outside the configured local-directory with attacker-controlled content. Affected versions: Spring Integration 7.0.0 through 7.0.4; 6.5.0 through 6.5.8; 6.4.0 through 6.4.11; 6.3.0 through...

7.1CVSS0.0021EPSS
Exploits0References1
Spring Security Advisories
Spring Security Advisories
added 2026/06/10 12:0 a.m.12 views

cve-2026-40987 - HIGH - Remote-file synchronizer in Spring Integration writes server-supplied filename under localDirectory without canonicalization

cve-2026-40987 - HIGH - Remote-file synchronizer in Spring Integration writes server-supplied filename under localDirectory without canonicalization...

7.1CVSS6.1AI score0.0021EPSS
Exploits0
CVE
CVE
added 2026/06/09 2:45 a.m.47 views

CVE-2026-11620

CVE-2026-11620 affects TOTOLINK EX200 firmware 4.0.3c.7646, via the vsftpd component and manipulation of /etc/vsftpd.conf, causing a least-privilege violation that can be exploited remotely. The exploit is public. The exact root cause, affected subcomponents, and remediation details are not fully...

6.9CVSS5.6AI score0.00285EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/08 5:30 p.m.11 views

CVE-2026-11554 TOTOLINK CP450 vsftpd vsftpd.conf least privilege violation

A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/vsftpd.conf of the component vsftpd. This manipulation causes least privilege violation. The attack may be initiated remotely. The exploit has been publicly disclosed and may be...

5.3CVSS5.2AI score0.00206EPSS
Exploits0References6
CVE
CVE
added 2026/06/08 5:30 p.m.28 views

CVE-2026-11554

CVE-2026-11554 affects TOTOLINK CP450 4.1.0cu.747. The vulnerability targets unknown code in the vsftpd component, specifically the /etc/vsftpd.conf file, and results in a least privileged access violation. The attack may be initiated remotely, and public exploit details exist. Current documents ...

5.3CVSS5.2AI score0.00206EPSS
Exploits0References6
OSV
OSV
added 2026/06/08 4:16 p.m.2 views

ALPINE-CVE-2026-44186

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in the modproxyftp module in Apache HTTP Server with an attacker controlled backend FTP server. This issue affects undefined: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

7.3CVSS5.9AI score0.00562EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 3:11 p.m.13 views

EUVD-2026-35088

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in the modproxyftp module in Apache HTTP Server with an attacker controlled backend FTP server. This issue affects undefined: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

5.4AI score0.00562EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.20 views

PT-2026-47324

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.0 through 2.4.67 Description The mod proxy ftp module contains a loop with an unreachable exit condition, leading to an infinite loop when interacting with an attacker-controlled backend FTP server...

9.8CVSS5.4AI score0.02134EPSS
Exploits1References133
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.13 views

Apache HTTP Server 安全漏洞

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. There is a bug in Apache HTTP Server involving infinite loops; however, detailed information...

7.3CVSS5.8AI score0.00562EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/06 11:31 p.m.173 views

Metasploit2-pentest

Metasploitable2 Penetration Test Lab Author: Lillian Jone...

10CVSS5.4AI score0.96184EPSS
Exploits55
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.11 views

CVE-2026-6265

Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus FTP Server: 2026.1...

8.8CVSS5.4AI score0.0026EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.12 views

CVE-2026-44403

Wing FTP Server before 8.1.3 contains an authenticated remote code execution vulnerability in the session serialization mechanism that allows authenticated administrators to inject arbitrary Lua code through the domain admin mydirectory field. Attackers can exploit unsafe serialization of session...

8.6CVSS6.4AI score0.02643EPSS
Exploits5References1
Rows per page
Query Builder