
3500 matches found

Packet Storm News
added 2025/03/20 12:0 a.m. | 6 views

How to Create a Scan in Perl to Identify Vulnerable FTP Servers

This whitepaper covers how to create a Perl script to identify vulnerable versions of FTP servers via their banners. Mitigations are also provided. Written in Portuguese...

6.9 AI score
Exploits 0

CNNVD
added 2025/03/20 12:0 a.m. | 1 views

Audi Universal Traffic Recorder App security vulnerability

The Audi Universal Traffic Recorder App is a special app for traffic recorders from Audi, which can be used to connect to a traffic recorder, view previews, lock videos, and other operations. A security vulnerability exists in the Audi Universal Traffic Recorder App version 2.0, which stems from...

2.9 CVSS | 4 AI score | 0.00173 EPSS
Exploits 0 | References 5

SUSE Linux
added 2025/03/18 9:59 a.m. | 2 views

Security update for erlang

This update for erlang fixes the following issues: CVE-2025-26618: Fixed SSH SFTP packet size not verified properly in Erlang OTP bsc1237467. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you c...

7.1 CVSS | 7.5 AI score | 0.0046 EPSS
Exploits 0 | References 4

CNNVD
added 2025/03/18 12:0 a.m. | 3 views

ROADCAM X3 security vulnerability

ROADCAM X3 is a car recorder with HD quality and easy to carry by ROADCAM. It is used to record the process of driving, and supports video cropping, sharing and other functions. ROADCAM X3 suffers from a security vulnerability that originates from the inclusion of hard-coded FTP credentials in th...

9.8 CVSS | 6.5 AI score | 0.00413 EPSS
Exploits 0 | References 3

Positive Technologies
added 2025/03/13 12:0 a.m. | 3 views

PT-2025-47316

Name of the Vulnerable Software and Affected Versions rsync affected versions not specified Description A specially crafted client, acting as the receiver during an rsync file transfer, can cause a read error due to accessing memory outside the intended boundaries. This occurs because of a negati...

4.3 CVSS | 6.5 AI score | 0.00283 EPSS
Exploits 0 | References 90

Patchstack
added 2025/03/11 9:43 p.m. | 4 views

WordPress FTP Sync plugin <= 1.1.6 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Abdi Pranata in WordPress Plugin FTP Sync versions <= 1.1.6...

7.1 CVSS | 8.1 AI score | 0.00139 EPSS
Exploits 0 | Affected Software 1

OSV
added 2025/03/11 10:15 a.m. | 4 views

CVE-2025-27395

A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions V4.0. Affected devices do not properly limit the scope of files accessible through and the privileges of the SFTP functionality. This could allow an authenticated highly-privileged remote attacker to read and...

6.5 CVSS | 5.8 AI score | 0.00609 EPSS
Exploits 0 | References 1

Github Security Blog
added 2025/03/08 1:30 a.m. | 8 views

qcp has possible crash/DOS in some build configurations

Nature of issue: Crash Denial of Service Source of issue: Dependent package ring Affected versions of qcp: 0.1.0-0.3.2 Recommendation: Upgrade to qcp 0.3.3 or later Who is affected All versions of qcp from 0.1.0 to 0.3.2 are affected, but only if built with runtime overflow checks. Released qcp...

7.1 AI score
Exploits 0 | References 5 | Affected Software 1

RedhatCVE
added 2025/03/06 5:57 a.m. | 9 views

CVE-2024-47259

Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files to the Axis device with the purpose to exhaust system resources. Ax...

3.5 CVSS | 7.5 AI score | 0.00542 EPSS
Exploits 0 | References 1

Hacker One
added 2025/03/05 10:53 a.m. | 5 views

curl: Memory leak of ftp (with proxy reuse)

Summary: summary of the vulnerability There is a memory leak with FTP see reproducer and stack trace I found it via fuzzing with https://github.com/catenacyber/curl-fuzzer/tree/proxy after fixing a small memory leak in curl Just reporting a bit raw, not sure this is not just a small leak that doe...

6.7 AI score
Exploits 0

BDU FSTEC
added 2025/03/05 12:0 a.m. | 8 views

The vulnerability of the set_ftp_cfg() function in the nas.cgi script of the Wavlink AC3000 router’s microprogramming system allows a hacker to circumvent existing security restrictions.

The vulnerability of the setftpcfg function in the nas.cgi script of the Wavlink AC3000 WL-WN533A8 router’s microprogramming system is related to errors in system configuration or settings. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions by sending...

9.1 CVSS | 7.7 AI score | 0.01457 EPSS
Exploits 1 | References 3 | Affected Software 1

BDU FSTEC
added 2025/03/05 12:0 a.m. | 4 views

The vulnerability of the set_ftp_cfg() function in the nas.cgi script of the Wavlink AC3000 router’s microprogramming system allows a hacker to circumvent existing security restrictions.

The vulnerability of the setftpcfg function in the nas.cgi script of the Wavlink AC3000 WL-WN533A8 router’s microprogramming system is related to errors in system configuration or settings. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions by sending...

9.1 CVSS | 5.5 AI score | 0.01027 EPSS
Exploits 1 | References 3 | Affected Software 1

Microsoft CVE
added 2025/03/04 8:0 a.m. | 3 views

SSH SFTP packet size not verified properly in Erlang OTP

...

7 CVSS | 7.2 AI score | 0.0046 EPSS
Exploits 0

OSV
added 2025/03/04 6:15 a.m. | 5 views

CVE-2024-47259

Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files to the Axis device with the purpose to exhaust system resources. Ax...

7.1 CVSS | 5.8 AI score | 0.00542 EPSS
Exploits 0 | References 1

CVE
added 2025/03/04 5:15 a.m. | 97 views

CVE-2024-47259

CVE-2024-47259 affects Axis OS: VAPIX API endpoint dynamicoverlay.cgi with insufficient input validation that enables command injection, enabling potential file transfers to the Axis device and resource exhaustion. Axis has released patched AXIS OS versions; refer to Axis security advisory for de...

7.1 CVSS | 7.4 AI score | 0.00542 EPSS
Exploits 0 | References 1 | Affected Software 2

Cvelist
added 2025/03/04 5:15 a.m. | 10 views

CVE-2024-47259

Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files to the Axis device with the purpose to exhaust system resources. Ax...

3.5 CVSS | 0.00542 EPSS
Exploits 0 | References 1

OSV
added 2025/03/03 12:25 p.m. | 2 views

USN-7313-1 erlang vulnerability

It was discovered that Erlang incorrectly handled SFTP packet sizes. A remote attacker could possibly use this issue to cause Erlang to consume resources, resulting in a denial of service...

7 CVSS | 5.8 AI score | 0.0046 EPSS
Exploits 0 | References 2

SUSE CVE
added 2025/02/27 2:56 a.m. | 2 views

SUSE CVE-2025-22869

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...

7.5 CVSS | 6.8 AI score | 0.00868 EPSS
Exploits 0 | References 62

OSV
added 2025/02/26 8:14 a.m. | 5 views

AZL-57369 CVE-2025-22869 affecting package kubevirt for versions less than 1.2.0-15

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...

7.5 CVSS | 6.6 AI score | 0.00868 EPSS
Exploits 0 | References 1

OSV
added 2025/02/26 8:14 a.m. | 8 views

AZL-57434 CVE-2025-22869 affecting package moby-compose for versions less than 2.17.3-10

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...

7.5 CVSS | 6.6 AI score | 0.00868 EPSS
Exploits 0 | References 1