3503 matches found
[SECURITY] Fedora 42 Update: libssh-0.11.4-1.fc42
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, trans fer files, use a secure and transparent tunnel for your remote...
NFTP 安全漏洞
NFTP is a file transfer tool developed by Sergey V. Ayukov. Version 1.71 of NFTP contains a security vulnerability; this vulnerability stems from a buffer overflow in the handling of the SYST command, which could allow remote attackers to execute arbitrary code...
📄 pfSense Ultimate Exploit Framework
This Python script is an exploitation framework targeting two authenticated remote code execution vulnerabilities in pfSense. One exploit vector is an unsafe deserialization in pfSense CE version 2.7.2 and another is related to XMLRPC execphp abuse in pfSense CE version 2.8.0...
emp3r0r Affected by Concurrent Map Access DoS (panic/crash)
Summary Multiple shared maps are accessed without consistent synchronization across goroutines. Under concurrent activity, Go runtime can trigger fatal error: concurrent map read and map write, causing C2 process crash availability loss. Vulnerable Componentwith code examples Operator relay map h...
GHSA-F5P9-J34Q-PWCC emp3r0r Affected by Concurrent Map Access DoS (panic/crash)
Summary Multiple shared maps are accessed without consistent synchronization across goroutines. Under concurrent activity, Go runtime can trigger fatal error: concurrent map read and map write, causing C2 process crash availability loss. Vulnerable Componentwith code examples Operator relay map h...
Startup
Startup – Professional Write-up Platform: TryHackMe Tar...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration that allows several server functions to execute in an SFTP session after the user account has been deleted or its password changed. A user can maintain unexpected access to the server by keeping an SFTP...
Insufficient Session Expiration
Overview pterodactyl/panel is a game management panel. Affected versions of this package are vulnerable to Insufficient Session Expiration that allows several server functions to execute in an SFTP session after the user account has been deleted or its password changed. A user can maintain...
Pterodactyl Panel's SFTP sessions remain active after user account deletion or password change
Summary Deleting a user account with SFTP access or changing the user's password does not immediately terminate existing SFTP sessions, allowing continued filesystem access after credentials are revoked. This can result in unintended and unauthorized access to server files even after administrato...
GHSA-HR7J-63V7-VJ7G Pterodactyl Panel's SFTP sessions remain active after user account deletion or password change
Summary Deleting a user account with SFTP access or changing the user's password does not immediately terminate existing SFTP sessions, allowing continued filesystem access after credentials are revoked. This can result in unintended and unauthorized access to server files even after administrato...
PT-2026-20338
Name of the Vulnerable Software and Affected Versions emp3r0r versions prior to 3.21.2 Description The software accesses multiple shared maps without consistent synchronization across goroutines. Concurrent activity can trigger a fatal error: concurrent map read and map write, leading to a C2...
[SECURITY] Fedora 43 Update: libssh-0.11.4-1.fc43
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, trans fer files, use a secure and transparent tunnel for your remote...
CVE-2026-0968
A flaw was found in libssh in which a malicious SFTP SSH File Transfer Protocol server can exploit this by sending a malformed 'longname' field within an SSHFXPNAME message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can...
CVE-2019-25329
FTP Navigator 8.03 contains a denial of service vulnerability that allows attackers to crash the application by overwriting Structured Exception Handler SEH with malicious input. Attackers can generate a payload of 4108 'A' characters followed by 4 'B' characters and 40 'C' characters to trigger ...
CVE-2019-25332
FTP Commander Pro 8.03 contains a local stack overflow vulnerability that allows arbitrary code execution by overwriting the EIP register through a crafted command input; a 4108-byte payload can overwrite memory and execute shellcode. CVSS metrics indicate impact and exploitability (CVSS v4.0: ba...
CVE-2019-25329 FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH)
FTP Navigator 8.03 contains a denial of service vulnerability that allows attackers to crash the application by overwriting Structured Exception Handler SEH with malicious input. Attackers can generate a payload of 4108 'A' characters followed by 4 'B' characters and 40 'C' characters to trigger ...
CVE-2019-25321
CVE-2019-25321 affects FTP Navigator 8.03, where a stack overflow can be triggered by crafting a payload into the Custom Command textbox, allowing an attacker to overwrite Structured Exception Handler (SEH) registers and execute arbitrary code. The PoC demonstrates remote code execution, with a c...
PT-2026-7931
FTP Commander Pro 8.03 contains a local stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting the EIP register through a custom command input. Attackers can craft a malicious payload of 4108 bytes to overwrite memory and execute shellcode, demonstrating remot...
CVE-2025-67433
A heap buffer overflow in the processRequest function of Open TFTP Server MultiThreaded v1.7 allows attackers to cause a Denial of Service DoS via a crafted DATA packet...
PT-2026-7890
Name of the Vulnerable Software and Affected Versions Open TFTP Server MultiThreaded version 1.7 Description A heap buffer overflow exists in the processRequest function of Open TFTP Server MultiThreaded. This issue can be triggered by sending a crafted DATA packet, potentially leading to a Denia...