
3503 matches found

Ubuntu
added 2025/10/21 2:8 p.m. | 4 views

USN-7831-1: Erlang vulnerabilities

It was discovered that Erlang incorrectly handled resource allocation and consumption in the SFTP SSH module. An attacker could possibly use this issue to cause Erlang to consume excessive resources, leading to a denial of service...

CVSS 7.1 | AI score 5.4 | EPSS 0.00402
Exploits: 0
EUVD
added 2025/10/21 12:31 p.m. | 4 views

EUVD-2025-35164

All WorkExaminer Professional traffic between monitoring client, console and server is transmitted as plain text. This allows an attacker with access to the network to read the transmitted sensitive data. An attacker can also freely modify the data on the wire. The monitoring clients transmit the...

AI score 6.2 | EPSS 0.00297
Exploits: 0 | References: 2
Vulnrichment
added 2025/10/21 11:48 a.m. | 2 views

CVE-2025-10641 Unencrypted cleartext communication in EfficientLab WorkExaminer Professional

All WorkExaminer Professional traffic between monitoring client, console and server is transmitted as plain text. This allows an attacker with access to the network to read the transmitted sensitive data. An attacker can also freely modify the data on the wire. The monitoring clients transmit the...

AI score 6.4 | EPSS 0.00297
Exploits: 0 | References: 1
Cvelist
added 2025/10/21 11:48 a.m. | 9 views

CVE-2025-10641 Unencrypted cleartext communication in EfficientLab WorkExaminer Professional

All WorkExaminer Professional traffic between monitoring client, console and server is transmitted as plain text. This allows an attacker with access to the network to read the transmitted sensitive data. An attacker can also freely modify the data on the wire. The monitoring clients transmit the...

EPSS 0.00297
Exploits: 0 | References: 1
Cvelist
added 2025/10/21 11:36 a.m. | 12 views

CVE-2025-10639 Usage of Hardcoded FTP Credentials EfficientLab WorkExaminer Professional

The WorkExaminer Professional server installation comes with an FTP server that is used to receive the client logs on TCP port 12304. An attacker with network access to this port can use weak hardcoded credentials to log in to the FTP server and modify or read data, log files and gain remote code...

EPSS 0.00879
Exploits: 0 | References: 1
Positive Technologies
added 2025/10/21 12:0 a.m. | 7 views

PT-2025-42885

Name of the Vulnerable Software and Affected Versions: versions prior to 2.3. Description: A stack buffer overwrite can occur on the SFTP server side when receiving a malicious packet. The issue arises when the packet's handle size exceeds the system handle or file descriptor size, but remains withi...

CVSS 9.8 | AI score 6.6 | EPSS 0.00334
Exploits: 0 | References: 5
CNVD
added 2025/10/21 12:0 a.m. | 3 views

Newforma Project Center Server Cross-Site Scripting Vulnerability

Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction (AEC) industry from Newforma for centralized storage and management of project documents and collaboration. Newforma Project Center suffers from a cross-site scripting...

CVSS 5.5 | AI score 6.2 | EPSS 0.00196
Exploits: 0 | References: 1
Tenable Nessus
added 2025/10/21 12:0 a.m. | 11 views

Fortra GoAnywhere MFT License Servlet Deserialization Vulnerability

Fortra GoAnywhere MFT is a Managed File Transfer (MFT) solution helping organizations build both internal and external data transfer exchanges. GoAnywhere MFT versions before 7.8.4 and before 7.6.3 suffer from a deserialization vulnerability. By crafting a specific payload, a remote and...

CVSS 10 | AI score 8.3 | EPSS 0.99614
Exploits: 2 | References: 3
CNNVD
added 2025/10/21 12:0 a.m. | 9 views

Work Examiner Professional Security Vulnerability

Work Examiner Professional is an employee computer monitoring software from Work Examiner USA. A security vulnerability exists in Work Examiner Professional that stems from the use of weakly hard-coded credentials by the FTP server, which could lead to data modification or reading and remote code...

CVSS 8.8 | AI score 9.7 | EPSS 0.00879
Exploits: 0 | References: 1
RedhatCVE
added 2025/10/16 2:51 p.m. | 5 views

CVE-2025-53868

When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 9.1 | AI score 6.7 | EPSS 0.00408
Exploits: 0 | References: 1
EUVD
added 2025/10/15 3:30 p.m. | 12 views

EUVD-2025-34633

When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.7 | AI score 6.2 | EPSS 0.00408
Exploits: 0 | References: 2
NVD
added 2025/10/15 2:15 p.m. | 21 views

CVE-2025-53868

When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.7 | EPSS 0.00408
Exploits: 0 | References: 1
Vulnrichment
added 2025/10/15 1:55 p.m. | 6 views

CVE-2025-53868 BIG-IP SCP and SFTP vulnerability

When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.7 | AI score 6.3 | EPSS 0.00408
Exploits: 0 | References: 1
Cvelist
added 2025/10/15 1:55 p.m. | 21 views

CVE-2025-53868 BIG-IP SCP and SFTP vulnerability

When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.7 | EPSS 0.00408
Exploits: 0 | References: 1
F5 Networks
added 2025/10/15 11:1 a.m. | 12 views

K000151902: BIG-IP SCP and SFTP vulnerability CVE-2025-53868

Security Advisory Description: When running in Appliance mode, a highly privileged authenticated attacker with access to Secure Copy (SCP) protocol and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands. (CVE-2025-53868) Impact: In Appliance mode, an authenticated attacke...

CVSS 8.7 | AI score 5.9 | EPSS 0.00408
Exploits: 0 | Affected Software: 12
CNNVD
added 2025/10/15 12:0 a.m. | 6 views

F5 BIG-IP Operating System Command Injection Vulnerability

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features from F5 Corporation. F5 BIG-IP suffers from an operating system command injection vulnerability that originates from an elevated privilege...

CVSS 9.1 | AI score 7.3 | EPSS 0.00408
Exploits: 0 | References: 1
EUVD
added 2025/10/14 6:30 p.m. | 11 views

EUVD-2025-34233

An improper authentication vulnerability (CWE-287) in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain information pertaining to the device's health and status, or cause a denial of service via crafted OFTP requests...

CVSS 6.5 | AI score 6.4 | EPSS 0.0044
Exploits: 0 | References: 2
OSV
added 2025/10/14 4:15 p.m. | 5 views

CVE-2025-53845

An improper authentication vulnerability (CWE-287) in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain information pertaining to the device's health and status, or cause a denial of service via crafted OFTP requests...

CVSS 6.5 | AI score 5.8 | EPSS 0.0044
Exploits: 0 | References: 1
Cvelist
added 2025/10/14 3:23 p.m. | 22 views

CVE-2025-53845

An improper authentication vulnerability (CWE-287) in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain information pertaining to the device's health and status, or cause a denial of service via crafted OFTP requests...

CVSS 6.5 | EPSS 0.0044
Exploits: 0 | References: 1
CNNVD
added 2025/10/14 12:0 a.m. | 3 views

Fortinet FortiAnalyzer Authorization Issue Vulnerability

FortiAnalyzer is Fortinet's centralized security analysis and reporting platform. A security vulnerability exists in FortiAnalyzer that stems from a flaw in the authentication mechanism for OFTP requests. An attacker can exploit this vulnerability to obtain device operational status information o...

CVSS 6.5 | AI score 6.7 | EPSS 0.0044
Exploits: 0 | References: 2