Lucene search
K

3504 matches found

NVD
NVD
added 2026/04/10 4:16 p.m.3 views

CVE-2026-23781

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext within the application package. If left unchanged, these credentials can be easily obtained and may allow unauthorized access to the MFT API debug interface...

9.8CVSS0.00284EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/10 3:31 p.m.5 views

EUVD-2026-21370

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable...

6.2AI score0.00401EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.6 views

BMC Control-M/MFT 安全漏洞

BMC Control-M/MFT is an enterprise-level file transfer and job scheduling integration management automation software developed by the American company BMC. Versions of BMC Control-M/MFT 9.0.22 and earlier contained security vulnerabilities. These vulnerabilities stemmed from hardcoded default deb...

9.8CVSS5.8AI score0.00284EPSS
Exploits0References3
CVE
CVE
added 2026/04/10 12:0 a.m.5 views

CVE-2026-23781

CVE-2026-23781 affects BMC Control-M/MFT 9.0.20–9.0.22. A set of default debug user credentials is hardcoded in cleartext in the application package, and, if unchanged, could be obtained to gain unauthorized access to the MFT API debug interface. The CVSS v3.1 base score is 9.8 (CRITICAL) with ne...

9.8CVSS5.8AI score0.00284EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/10 12:0 a.m.25 views

CVE-2026-23781

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext within the application package. If left unchanged, these credentials can be easily obtained and may allow unauthorized access to the MFT API debug interface...

0.00284EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.2 views

PT-2026-31921

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable...

6.2AI score0.00401EPSS
Exploits0References3
OSV
OSV
added 2026/04/09 6:17 p.m.4 views

DEBIAN-CVE-2026-39983

basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handle...

8.6CVSS5.3AI score0.02185EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/04/09 6:17 p.m.0 views

CVE-2026-39983

basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handle...

8.6CVSS5.8AI score0.02185EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/09 5:5 p.m.17 views

CVE-2026-39983 FTP Command Injection via CRLF in basic-ftp

basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handle...

8.6CVSS0.02185EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2026/04/08 8:2 p.m.7 views

@activeboxes/piece-sftp (=0.2.6), @activepieces/piece-apify (=0.2.1) +25 more potentially affected by CVE-2026-39983 via basic-ftp (>=5.0.2 <=5.1.0)

basic-ftp NPM version =5.0.2, =0.2.6, =1.0.0, =1.0.0, =2.0.18, =1.9.2, =1.2.0, =4.6.0-blowfish, =1.0.3, =1.0.4, =0.1.1, =0.2.0 and more Source cves: CVE-2026-39983 Source advisory: SNYK:JS-BASICFTP-15953339...

8.6CVSS5.8AI score0.02185EPSS
Exploits1
EUVD
EUVD
added 2026/04/05 9:30 p.m.3 views

EUVD-2019-20097

Xlight FTP Server 3.9.1 contains a structured exception handler SEH overwrite vulnerability that allows local attackers to crash the application and overwrite SEH pointers by supplying a crafted buffer string. Attackers can inject a 428-byte payload through the program execution field in virtual...

8.6CVSS6.4AI score0.00208EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/04/05 8:45 p.m.1 views

CVE-2019-25681 Xlight FTP Server 3.9.1 SEH Overwrite Buffer Overflow

Xlight FTP Server 3.9.1 contains a structured exception handler SEH overwrite vulnerability that allows local attackers to crash the application and overwrite SEH pointers by supplying a crafted buffer string. Attackers can inject a 428-byte payload through the program execution field in virtual...

8.6CVSS6.4AI score0.00208EPSS
Exploits1References4
Microsoft CVE
Microsoft CVE
added 2026/04/05 8:2 a.m.7 views

Libssh: libssh: denial of service due to malformed sftp message

...

3.1CVSS6.4AI score0.00442EPSS
Exploits0
Hacker One
Hacker One
added 2026/04/05 6:46 a.m.16 views

curl: FTP entrypath accepts 0xFF (Telnet IAC) through incomplete ISCNTRL filter, sent on wire via CWD on connection reuse

Summary A malicious FTP server can embed byte 0xFF Telnet IAC in the PWD response path. The ISCNTRL filter at lib/ftp.c:3095 expands to ISLOWCNTRLx || IS7Fx, which is unsigned charx entrypath line 3131 and sent verbatim via CWD %s on connection reuse line 849. I understand the KNOWNRISK.md and...

4.3CVSS6.7AI score0.03851EPSS
Exploits0
EUVD
EUVD
added 2026/04/04 3:30 p.m.3 views

EUVD-2018-21760

NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending crafted FTP commands. Attackers can connect to the FTP service and send oversized data in response handlers to overwrite SEH pointers and...

9.8CVSS6.7AI score0.00914EPSS
Exploits1References4
CVE
CVE
added 2026/04/04 1:51 p.m.11 views

CVE-2018-25254

CVE-2018-25254 affects NICO-FTP 3.0.1.19. The vulnerability is a structured exception handler (SEH) buffer overflow in the FTP service that allows remote code execution when an attacker sends crafted FTP commands. Attackers can connect to the FTP service and send oversized data in response handle...

9.8CVSS6.7AI score0.00914EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/04 1:51 p.m.3 views

CVE-2018-25254 NICO-FTP 3.0.1.19 Buffer Overflow SEH

NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending crafted FTP commands. Attackers can connect to the FTP service and send oversized data in response handlers to overwrite SEH pointers and...

9.8CVSS6.7AI score0.00914EPSS
Exploits1References3
Metasploit
Metasploit
added 2026/04/02 7:2 p.m.108 views

HTTP Fetch, Windows Executable Download (http,https,ftp) and Execute

Fetch and execute an x86 payload from an HTTP server. Download an EXE from an HTTPS/FTP URL and execute it Module Options msf use payload/cmd/windows/http/x86/downloadexec msf payloaddownloadexec show actions ...actions... msf payloaddownloadexec set ACTION msf payloaddownloadexec show options...

5.9AI score
Exploits0
Hacker One
Hacker One
added 2026/04/02 6:13 p.m.15 views

curl: # SCURLOPT_SSH_KNOWNHOSTS and host fingerprint pins are silently bypassed when an SSH connection is reused from the connection pool

Product libcurl all versions, all platforms, compiled with USESSH Protocols affected: sftp://, scp:// --- Summary libcurl's connection pool reuse logic for SSH-based protocols SFTP, SCP contains a security gap that allows a transfer's server-verification policy to be completely ignored. When an...

6AI score
Exploits0
GithubExploit
GithubExploit
added 2026/04/02 3:57 p.m.151 views

Exploit for OS Command Injection in Vsftpd_Project Vsftpd

🧨 Metasploitable 2 Penetration Testing Lab 📅 Duration 2026...

10CVSS7.2AI score0.96184EPSS
Exploits30
Rows per page
Query Builder