CVE-2025-57633

CVE-2025-57633 affects FTP-Flask-python (through version 5173b68). The vulnerability stems from the /ftp.html endpoint’s Upload File action, which builds a shell command from the ftp_file parameter and executes it via os.system() without sanitization or escaping, enabling unauthenticated remote c...

PT-2025-36443

Name of the Vulnerable Software and Affected Versions: WAGO Coupler 0750-0362 affected versions not specified Description: A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runti...

shellshocker-pocs

This is a collection of Proof of Concepts PoCs and potential targets for the ShellShocker vulnerability. The PoCs are designed to exploit the vulnerability in various products and services, including XMPP ejabberd, Mailman, MySQL, NFS, Bind9, FTP, and others. The PoCs are primarily focused on...

Chess.com Hit by Limited Data Breach Linked to 3rd-Party File Transfer Tool

Chess.com confirms a limited data breach affecting 4,500 users after a third-party file transfer tool was compromised. No…...

CVE-2024-49728

In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-49728

In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-49728

In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-49728

CVE-2024-49728 affects Android Bluetooth code via generateFileInfo in BluetoothOppSendFileInfo.java, enabling a confused deputy to cause cross-user media disclosure. The issue yields local information disclosure without additional privileges and does not require user interaction to exploit, per t...

Security Bulletin: SSH servers which implement file transfer protocols are vulnerable, which affects IBM watsonx.data

Summary UsSSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted. These can affect watsonx.data. Vulnerability Detail...

Linux Distros Unpatched Vulnerability : CVE-2021-45103

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker can access files stored in S3 cloud storage that a user has asked...

OESA-2025-2092 buildah security update

The package provides a command line tool which can be used to create a working container from scratch or create a working container from an image as a starting point mount/umount a working container's root file system for manipulation save container's root file system layer to create a new image...

Vulnerability fixed in CrushFTP

CrushFTP has fixed a vulnerability in versions 10 through 10.8.5 and 11 through 11.3.423. The vulnerability is located in CrushFTP's AS2 validation. This vulnerability allows an attacker to gain administrative access via HTTPS, especially when the DMZ proxy feature is not used. The vulnerability...

Linux Distros Unpatched Vulnerability : CVE-2022-32278

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. CVE-2022-32278 Note that...

Linux Distros Unpatched Vulnerability : CVE-2020-25651

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate...

CVE-2025-7426

The CVE-2025-7426 entry relates to MINOVA TTA, where the FTP credentials are exposed through the debug port 1604 on the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account and could enable data manipulation or extraction in automated processes (EDI/data integrat...

MINOVA TTA 安全漏洞

MINOVA TTA is an automated oil loading and unloading system from MINOVA, Germany. A security vulnerability exists in MINOVA TTA that originates from the exposure of FTP credentials on debug port 1604, which could lead to unauthenticated remote access and data disclosure...

PT-2025-34601 · Unknown · Minova Tta

Name of the Vulnerable Software and Affected Versions: MINOVA TTA version 11.17.0 Description: The MINOVA TTA service exposes authentication FTP credentials through debug port 1604, allowing unauthenticated remote access to active FTP accounts containing sensitive internal data and import...

ROS-20250825-04

A vulnerability in ASGI Starlette toolkit for creating asynchronous Python web services is related to blocking the main thread for transferring a file to disk. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

Linux Distros Unpatched Vulnerability : CVE-2010-4756

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The glob implementation in the GNU C Library aka glibc or libc6 allows remote authenticated users to cause a denial of service CPU and memory consumption via...

CVE-2010-20034

Gekko Manager FTP Client = 0.77 contains a stack-based buffer overflow in its FTP directory listing parser. When processing a server response to a LIST command, the client fails to properly validate the length of filenames. A crafted response containing an overly long filename can overwrite the...