
3501 matches found

IBM Security Bulletins
added 2025/04/25 10:53 a.m., 50 views

Security Bulletin: Multiple Vulnerabilities in IBM webMethods Managed File Transfer

Summary: Multiple vulnerabilities were addressed in the latest fix release for IBM webMethods Managed File Transfer 11.1. Vulnerability Details: CVEID: CVE-2023-2953. DESCRIPTION: A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x function...

CVSS 7.5, AI score 10, EPSS 0.99999
Exploits 25, Affected Software 1
CNVD
added 2025/04/22 12:00 a.m., 1 view

PCMan FTP Server Buffer Overflow Vulnerability (CNVD-2025-10695)

PCMan FTP Server is an FTP server software that provides file transfer services. PCMan FTP Server suffers from a buffer overflow vulnerability that stems from the failure of the HOST Command Handler module to properly process input when handling a specific request. No detailed vulnerability detai...

CVSS 9.8, AI score 7.5, EPSS 0.0062
Exploits 1, References 1
CNVD
added 2025/04/22 12:00 a.m., 2 views

PCMan FTP Server MIC Command Buffer Overflow Vulnerability

PCMan FTP Server is a server software for file transfer protocol that provides file upload and download functions. A buffer overflow vulnerability exists in PCMan FTP Server that stems from the MIC Command Handler component failing to properly manage memory when processing a specific request. No...

CVSS 9.8, AI score 7.4, EPSS 0.0062
Exploits 1, References 1
CNNVD
added 2025/04/17 12:00 a.m., 1 view

PCMan FTP Server Security Vulnerability

PCMan FTP Server is a server software for File Transfer Protocol (FTP). A buffer overflow vulnerability exists in PCMan FTP Server that stems from the MPUT Command Handler failing to properly process input data when processing a specific request. No detailed vulnerability details are available at...

CVSS 9.8, AI score 7.6, EPSS 0.0062
Exploits 1, References 4
OSV
added 2025/04/16 10:15 a.m., 4 views

CVE-2025-3681

A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this issue is some unknown functionality of the component MODE Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public...

CVSS 9.8, AI score 7.2, EPSS 0.0062
Exploits 1, References 4
CNNVD
added 2025/04/16 12:00 a.m., 3 views

PCMan FTP Server Security Vulnerability

PCMan FTP Server is a server software for File Transfer Protocol (FTP). A buffer overflow vulnerability exists in PCMan FTP Server that originates when the MODE Command Handler component fails to properly validate input data when processing a specific request. No detailed vulnerability details are...

CVSS 9.8, AI score 7.6, EPSS 0.0062
Exploits 1, References 4
CNNVD
added 2025/04/16 12:00 a.m., 2 views

PCMan FTP Server Security Vulnerability

PCMan FTP Server is a lightweight FTP server software that provides basic file transfer functionality. PCMan FTP Server suffers from a buffer overflow vulnerability that stems from the CD Command Handler component failing to properly validate input data when processing a specific request. An...

CVSS 9.8, AI score 7.2, EPSS 0.0062
Exploits 1, References 4
Amazon
added 2025/04/16 12:00 a.m., 3 views

Important: docker

Issue Overview: An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. (CVE-2025-22868) SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or no...

CVSS 7.5, AI score 6.9, EPSS 0.00868
Exploits 0
CNNVD
added 2025/04/15 12:00 a.m., 6 views

SolarWinds Serv-U Cross-Site Scripting Vulnerability

SolarWinds Serv-U is an FTP (File Transfer Protocol) server software from the US-based SolarWinds Corporation. A cross-site scripting vulnerability exists in SolarWinds Serv-U, which stems from a client-side cross-site scripting vulnerability that could lead to a local attack...

CVSS 5.4, AI score 5.8, EPSS 0.00309
Exploits 1, References 2
CNNVD
added 2025/04/15 12:00 a.m., 19 views

CrushFTP Security Vulnerability

CrushFTP is a file transfer server from CrushFTP, Inc. A security vulnerability exists in CrushFTP that stems from vulnerability to directory traversal attacks...

CVSS 5, AI score 6.6, EPSS 0.12216
Exploits 2, References 3
GitHub Security Blog
added 2025/04/12 12:30 a.m., 33 views

golang.org/x/crypto Vulnerable to Denial of Service (DoS) via Slow or Incomplete Key Exchange

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...

CVSS 7.5, AI score 6.9, EPSS 0.00868
Exploits 0, References 8, Affected Software 1
Rosalinux
added 2025/04/11 9:55 p.m., 13 views

Advisory ROSA-SA-2025-2818

Software: rsync 3.1.3; OS: ROSA Virtualization 3.0; packageevrstring: rsync-3.1.3-21.rv30; CVE-ID: CVE-2024-12087; BDU-ID: 2025-00377; CVE-Crit: HIGH; CVE-DESC.: A configuration vulnerability in the --inc-recursive configuration of the rsyncd daemon of the Rsync file transfer and synchronization utilit...

CVSS 7.5, AI score 7.5, EPSS 0.04575
Exploits 1
CNNVD
added 2025/04/07 12:00 a.m., 2 views

PCMan FTP Server Security Vulnerability

PCMan FTP Server is an open-source FTP server software suite from PCMan. PCMan FTP Server suffers from a buffer overflow vulnerability that originates from an unknown feature in the EPSV command processor. No detailed vulnerability details are provided at this time...

CVSS 9.8, AI score 7.3, EPSS 0.00658
Exploits 1, References 4
CNNVD
added 2025/04/04 12:00 a.m., 11 views

JTEKT ELECTRONICS HMI ViewJet C-more Security Vulnerability

JTEKT ELECTRONICS HMI ViewJet C-more is a series of human-machine interfaces from JTEKT ELECTRONICS, Japan. A security vulnerability exists in JTEKT ELECTRONICS HMI ViewJet C-more that stems from a proxy issue that could lead to an FTP bounce attack...

CVSS 5.8, AI score 5.8, EPSS 0.00399
Exploits 0, References 3
Tenable Nessus
added 2025/04/02 12:00 a.m., 2 views

Sand Studio AirDroid Installed (Windows)

Binary data airdroidclientwininstalled.nbin...

AI score 7.3
Exploits 0, References 1
OSV
added 2025/04/01 12:00 a.m., 24 views

ASB-A-296915500

In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 5.5, AI score 6.3, EPSS 0.00088
Exploits 0, References 2
CNNVD
added 2025/03/26 12:00 a.m., 9 views

Number Withdrawn

CrushFTP is a file transfer server from CrushFTP, Inc. This CVE number has been withdrawn...

CVSS 9.8, AI score 7.8, EPSS 0.99621
Exploits 66, References 7
Rapid7 Blog
added 2025/03/25 3:12 p.m., 27 views

Notable vulnerabilities in Next.js (CVE-2025-29927) and CrushFTP

Rapid7 is warning customers of two notable unrelated vulnerabilities in Next.js, a React framework for building web applications, and CrushFTP, a file transfer technology that has previously been targeted by adversaries. CVE-2025-29927 is a critical improper authorization vulnerability in Next.js...

CVSS 9.8, AI score 9.9, EPSS 0.99621
Exploits 66
Packet Storm News
added 2025/03/25 12:00 a.m., 3 views

Creating an FTP Server Buffer Overflow Exploit with Metasploit

This paper, written in Brazilian Portuguese, explains how to create a common exploit from the data of a Metasploit Framework exploit to exploit a vanilla buffer overflow on an FTP server. In the context of application security, the author provides mitigation recommendations...

AI score 7.3
Exploits 0
OSV
added 2025/03/23 3:15 p.m., 1 view

DEBIAN-CVE-2025-30474

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS. The FtpFileObject class can throw an exception when a file is not found, revealing the original URI in its message, which may include a password. The fix is to mask the password in the exception messag...

CVSS 5, AI score 7.3, EPSS 0.00776
Exploits 0, References 1