3504 matches found
SUSE-SU-2026:20988-1 Security update for gnome-online-accounts, gvfs
This update for gnome-online-accounts, gvfs fixes the following issues: Changes for gvfs: Update gvfs to 1.59.90: - CVE-2026-28295: information disclosure when processing untrusted PASV responses from FTP servers bsc1258953. - CVE-2026-28296: arbitrary FTP command injection due to unsanitized CRL...
EUVD-2018-21710
FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the account name field. Attackers can trigger a denial of service by pasting a 417-byte payload into the 'Account name to ban' parameter...
PT-2026-29012
FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the account name field. Attackers can trigger a denial of service by pasting a 417-byte payload into the 'Account name to ban' parameter...
[SECURITY] Fedora 42 Update: php-phpseclib-2.0.52-1.fc42
MIT-licensed pure-PHP implementations of an arbitrary-precision integer arithmetic library, fully PKCS1 v2.1 compliant RSA, DES, 3DES, RC4, Rijndael, AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509...
zFTP Client 缓冲区错误漏洞
The zFTP Client is a graphical file transfer client tool developed by the zFTP company, which supports the File Transfer Protocol. The zFTP Client version 20061220+dfsg3-4.1 has a buffer error vulnerability. This vulnerability stems from buffer overflows in the handling of the NAME parameter duri...
CVE-2026-0968 Libssh: libssh: denial of service due to malformed sftp message
A flaw was found in libssh in which a malicious SFTP SSH File Transfer Protocol server can exploit this by sending a malformed 'longname' field within an SSHFXPNAME message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can...
CVE-2026-0968
A flaw was found in libssh in which a malicious SFTP SSH File Transfer Protocol server can exploit this by sending a malformed 'longname' field within an SSHFXPNAME message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can...
CVE-2026-0968
CVE-2026-0968 : A flaw in libssh allows a malicious SFTP server to cause an out-of-bounds read by sending a malformed ‘longname’ in SSH_FXP_NAME during directory listings. This null-check omission can read past allocated heap memory, potentially triggering DoS via application crashes. The issue i...
CVE-2026-0968
A flaw was found in libssh in which a malicious SFTP SSH File Transfer Protocol server can exploit this by sending a malformed 'longname' field within an SSHFXPNAME message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can...
CVE-2026-0968
A flaw was found in libssh in which a malicious SFTP SSH File Transfer Protocol server can exploit this by sending a malformed 'longname' field within an SSHFXPNAME message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can...
CVE-2026-22320
A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI a...
CVE-2026-22318
A stack-based buffer overflow vulnerability in the device's file transfer parameter workflow allows a high-privileged attacker to send oversized POST parameters, causing memory corruption in an internal process, resulting in a DoS attack...
curl: Security Vulnerability Report: Protocol Injection via Programmatic Options
Summary Multiple text-based protocol handlers in libcurl including FTP, SMTP, POP3, and IMAP are vulnerable to protocol command injection. This occurs when an application sets credentials or other protocol-specific options programmatically e.g., via CURLOPTUSERNAME, CURLOPTPASSWORD, or...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : GVfs vulnerabilities (USN-8114-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8114-1 advisory. It was discovered that the GVfs FTP backend incorrectly handled IP addresses and ports returned by passive mode responses. A maliciou...
Exploit for OS Command Injection in Vsftpd_Project Vsftpd
🔐 Pentest Lab — Metasploitable2 📋 Description Premier lab...
USN-8114-1: GVfs vulnerabilities
It was discovered that the GVfs FTP backend incorrectly handled IP addresses and ports returned by passive mode responses. A malicious remote server could possibly use this issue to help scan for open ports. CVE-2026-28295 It was discovered that the GVfs FTP backend incorrectly handled crafted fi...
USN-8114-1 gvfs vulnerabilities
It was discovered that the GVfs FTP backend incorrectly handled IP addresses and ports returned by passive mode responses. A malicious remote server could possibly use this issue to help scan for open ports. CVE-2026-28295 It was discovered that the GVfs FTP backend incorrectly handled crafted fi...
CVE-2026-1958 Hard-coded passwords in KlinikaXP
Use of hard-coded credentials in Klinika XP and KlinikaXP Insertino allowed an unauthorized attacker access to several internal services. Critically, this included access to the FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious...
EUVD-2019-19979
FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inject shellcode through the account name parameter in the Manage FTP Accounts dialog to overwrite t...
CVE-2019-25619 FTP Shell Server 6.83 Buffer Overflow via Account Name
FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inject shellcode through the account name parameter in the Manage FTP Accounts dialog to overwrite t...