Anonymous FTP Access Detection

Detect anonymous read/write FTP service access. Module Options msf use auxiliary/scanner/ftp/ftpanonymous msf auxiliaryftpanonymous show actions ...actions... msf auxiliaryftpanonymous set ACTION msf auxiliaryftpanonymous show options ...show and set options... msf auxiliaryftpanonymous run...

CVE-1999-0497

creationtimestamp| type| source ---|---|--- 2026-05-06 13:28:27+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/ftp/ftpanonymous.rb...

[SECURITY] Fedora 44 Update: squid-7.5-1.fc44

Squid is a high-performance proxy caching server for Web clients, supporting FTP and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups...

EUVD-2026-27345

A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a crash, resulting in...

CVE-2026-34956

A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a crash, resulting in...

UBUNTU-CVE-2026-34956

A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a crash, resulting in...

CVE-2026-34956 Openvswitch: open vswitch: denial of service via malformed ftp epasv command

A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a crash, resulting in...

CVE-2026-34956

CVE-2026-34956 affects Open vSwitch: the vulnerability is in the userspace conntrack FTP ALG handler where a crafted FTP payload (EPASV/FTP substrings) can trigger an invalid memory access due to type narrowing when copying FTP substrings. This memory access can crash the process, causing Denial ...

CVE-2026-34956 Openvswitch: open vswitch: denial of service via malformed ftp epasv command

A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a crash, resulting in...

Open vSwitch 安全漏洞

Open vSwitch is a virtual switch developed as part of the Collaborative Project. There is a security vulnerability in Open vSwitch. This vulnerability arises when configuring conntrack streams that use FTP auxiliary programs. A remote attacker can send a specially crafted FTP stream, resulting in...

JLSEC-2026-431 When doing SSH-based transfers using either SCP or SFTP, and asked to do public key...

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...

JLSEC-2026-395

When curl 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client...

JLSEC-2026-424 curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was...

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...

Astra Linux - уязвимость в libssh

A flaw was discovered in libssh, where a malicious SFTP SSH File Transfer Protocol server can exploit this by sending a malformed ‘longname’ field within an SSHFXPNAME message during a file listing operation. This missing null check can lead to reading beyond the allocated memory on the heap. Thi...

PT-2026-36613

Date: May 2, 2026 Status: ACTIVE GLOBAL EXPLOITATION / MASSIVE RCE WAVE Target: CrushFTP Enterprise Managed File Transfer All versions prior to 11.1.0 Severity: 10.0 MAXIMUM CRITICAL Unauthenticated Remote Code Execution / VFS Escape 1. Analysis: Why "VFS-Shatter" is Today’s Apex Threat While the...

TFTP Fetch, Linux Execute Command

Fetch and execute an AARCH64 payload from a TFTP server. Execute an arbitrary command or just a /bin/sh shell Module Options msf use payload/cmd/linux/tftp/aarch64/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... ms...

Metasploitable2-VAPT

Internal Host VAPT Assessment | Kali Linux + Metasploitable2...

Progress Software MOVEit 安全漏洞

Progress Software MOVEit is a secure hosted file transfer software developed by Progress Software Corporation in the United States. Versions of Progress Software MOVEit prior to 2025.0.0, 2024.1.8, and 2024.0.0 contained security vulnerabilities, which were caused by a major vulnerability that...

EUVD-2026-25849

Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus FTP Server: 2026.1...

Cerberus FTP Server 安全漏洞

Cerberus FTP Server is a Windows-based FTP server from the American company Cerberus. It supports FTP sessions encrypted using FTPS and SFTP. Versions of Cerberus FTP Server prior to 2026.1 contained security vulnerabilities. These vulnerabilities stemmed from insecure inheritance of permissions,...