
3504 matches found

OSV
added 2026/03/31 9:8 a.m. | 1 view

SUSE-SU-2026:20988-1 Security update for gnome-online-accounts, gvfs

This update for gnome-online-accounts, gvfs fixes the following issues: Changes for gvfs: Update gvfs to 1.59.90: - CVE-2026-28295: information disclosure when processing untrusted PASV responses from FTP servers bsc1258953. - CVE-2026-28296: arbitrary FTP command injection due to unsanitized CRL...

CVSS 4.3 | AI score 7.4 | EPSS 0.0036
Exploits: 2 | References: 5
EUVD
added 2026/03/30 12:32 p.m. | 6 views

EUVD-2018-21710

FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the account name field. Attackers can trigger a denial of service by pasting a 417-byte payload into the 'Account name to ban' parameter...

CVSS 6.9 | AI score 6.1 | EPSS 0.00221
Exploits: 1 | References: 5
Positive Technologies
added 2026/03/30 12:0 a.m. | 4 views

PT-2026-29012

FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the account name field. Attackers can trigger a denial of service by pasting a 417-byte payload into the 'Account name to ban' parameter...

CVSS 6.9 | AI score 6.1 | EPSS 0.00221
Exploits: 1 | References: 5
Fedora
added 2026/03/28 1:7 a.m. | 5 views

[SECURITY] Fedora 42 Update: php-phpseclib-2.0.52-1.fc42

MIT-licensed pure-PHP implementations of an arbitrary-precision integer arithmetic library, fully PKCS1 v2.1 compliant RSA, DES, 3DES, RC4, Rijndael, AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509...

CVSS 8.2 | AI score 5.8 | EPSS 0.00374
Exploits: 0
CNNVD
added 2026/03/28 12:0 a.m. | 6 views

zFTP Client buffer error vulnerability

The zFTP Client is a graphical file transfer client tool developed by the zFTP company, which supports the File Transfer Protocol. The zFTP Client version 20061220+dfsg3-4.1 has a buffer error vulnerability. This vulnerability stems from buffer overflows in the handling of the NAME parameter duri...

CVSS 8.6 | AI score 6.2 | EPSS 0.0015
Exploits: 0 | References: 3
Cvelist
added 2026/03/26 8:6 p.m. | 24 views

CVE-2026-0968 Libssh: libssh: denial of service due to malformed sftp message

A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an SSH_FXP_NAME message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can...

CVSS 3.1 | EPSS 0.00442
Exploits: 0 | References: 5
ATTACKERKB
added 2026/03/26 8:6 p.m. | 3 views

CVE-2026-0968

A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an SSH_FXP_NAME message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can...

CVSS 3.1 | AI score 6 | EPSS 0.00442
Exploits: 0 | References: 6
CVE
added 2026/03/26 8:6 p.m. | 37 views

CVE-2026-0968

CVE-2026-0968 : A flaw in libssh allows a malicious SFTP server to cause an out-of-bounds read by sending a malformed ‘longname’ in SSH_FXP_NAME during directory listings. This null-check omission can read past allocated heap memory, potentially triggering DoS via application crashes. The issue i...

CVSS 3.1 | AI score 5.8 | EPSS 0.00442
Exploits: 0 | References: 5 | Affected Software: 2
Debian CVE
added 2026/03/26 8:6 p.m. | 5 views

CVE-2026-0968

A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an SSH_FXP_NAME message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can...

CVSS 3.1 | AI score 5.5 | EPSS 0.00442
Exploits: 0
AlpineLinux
added 2026/03/26 8:6 p.m. | 3 views

CVE-2026-0968

A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an SSH_FXP_NAME message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can...

CVSS 3.1 | AI score 5.9 | EPSS 0.00442
Exploits: 0
RedhatCVE
added 2026/03/26 3:6 p.m. | 6 views

CVE-2026-22320

A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI a...

CVSS 6.5 | AI score 6.2 | EPSS 0.00317
Exploits: 0 | References: 1
RedhatCVE
added 2026/03/26 3:6 p.m. | 2 views

CVE-2026-22318

A stack-based buffer overflow vulnerability in the device's file transfer parameter workflow allows a high-privileged attacker to send oversized POST parameters, causing memory corruption in an internal process, resulting in a DoS attack...

CVSS 4.9 | AI score 6.3 | EPSS 0.00339
Exploits: 0 | References: 1
Hacker One
added 2026/03/25 7:27 p.m. | 45 views

curl: Security Vulnerability Report: Protocol Injection via Programmatic Options

Summary: Multiple text-based protocol handlers in libcurl including FTP, SMTP, POP3, and IMAP are vulnerable to protocol command injection. This occurs when an application sets credentials or other protocol-specific options programmatically e.g., via CURLOPT_USERNAME, CURLOPT_PASSWORD, or...

AI score 6
Exploits: 0
Tenable Nessus
added 2026/03/25 12:0 a.m. | 6 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : GVfs vulnerabilities (USN-8114-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8114-1 advisory. It was discovered that the GVfs FTP backend incorrectly handled IP addresses and ports returned by passive mode responses. A maliciou...

CVSS 4.3 | AI score 6.2 | EPSS 0.0036
Exploits: 2 | References: 3
GithubExploit
added 2026/03/24 8:34 p.m. | 170 views

Exploit for OS Command Injection in Vsftpd_Project Vsftpd

🔐 Pentest Lab — Metasploitable2 📋 Description Premier lab...

CVSS 10 | AI score 5.8 | EPSS 0.96184
Exploits: 30
Ubuntu
added 2026/03/23 12:53 p.m. | 6 views

USN-8114-1: GVfs vulnerabilities

It was discovered that the GVfs FTP backend incorrectly handled IP addresses and ports returned by passive mode responses. A malicious remote server could possibly use this issue to help scan for open ports. CVE-2026-28295 It was discovered that the GVfs FTP backend incorrectly handled crafted fi...

CVSS 4.3 | AI score 6.1 | EPSS 0.0036
Exploits: 2
OSV
added 2026/03/23 12:53 p.m. | 3 views

USN-8114-1 gvfs vulnerabilities

It was discovered that the GVfs FTP backend incorrectly handled IP addresses and ports returned by passive mode responses. A malicious remote server could possibly use this issue to help scan for open ports. CVE-2026-28295 It was discovered that the GVfs FTP backend incorrectly handled crafted fi...

CVSS 4.3 | AI score 6 | EPSS 0.0036
Exploits: 2 | References: 3
Cvelist
added 2026/03/23 12:40 p.m. | 27 views

CVE-2026-1958 Hard-coded passwords in KlinikaXP

Use of hard-coded credentials in Klinika XP and KlinikaXP Insertino allowed an unauthorized attacker access to several internal services. Critically, this included access to the FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious...

CVSS 8.7 | EPSS 0.00272
Exploits: 0 | References: 2
EUVD
added 2026/03/22 3:31 p.m. | 3 views

EUVD-2019-19979

FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inject shellcode through the account name parameter in the Manage FTP Accounts dialog to overwrite t...

CVSS 8.6 | AI score 6.4 | EPSS 0.00214
Exploits: 1 | References: 4
Cvelist
added 2026/03/22 1:38 p.m. | 21 views

CVE-2019-25619 FTP Shell Server 6.83 Buffer Overflow via Account Name

FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inject shellcode through the account name parameter in the Manage FTP Accounts dialog to overwrite t...

CVSS 8.6 | EPSS 0.00214
Exploits: 1 | References: 3