898 matches found

NVD
added 2025/09/25 12:15 p.m. | 4 views

CVE-2025-10957

This vulnerability exists in the Syrotech SY-GPON-2010-WADONT router due to improper access control in its FTP service. A remote attacker could exploit this vulnerability by establishing an FTP connection using default credentials, potentially gaining unauthorized access to configuration files,...

8.7 CVSS | 0.003 EPSS
Exploits: 0 | References: 1

CNNVD
added 2025/09/25 12:0 a.m. | 7 views

Syrotech SY-GPON-2010-WADONT access control error vulnerability

The Syrotech SY-GPON-2010-WADONT is an optical network termination device from Syrotech India. An access control error vulnerability exists in the Syrotech SY-GPON-2010-WADONT that stems from improper access control of the FTP service, which could lead to unauthorized access...

8.7 CVSS | 6.7 AI score | 0.003 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2025/09/25 12:0 a.m. | 7 views

PT-2025-39363

Name of the Vulnerable Software and Affected Versions: Syrotech SY-GPON-2010-WADONT router (affected versions not specified). Description: The Syrotech SY-GPON-2010-WADONT router contains a flaw related to improper access control within its FTP service. A remote attacker can connect via FTP using...

8.7 CVSS | 6.4 AI score | 0.003 EPSS
Exploits: 0 | References: 6

OpenVAS
added 2025/09/22 12:0 a.m. | 4 views

ProFTPD Detection Consolidation

Consolidation of ProFTPD detections. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.155379");...

7 AI score
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/14 12:10 a.m. | 13 views

CVE-2025-45583

Incorrect access control in the FTP protocol of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to authenticate into the service using any combination of username and password...

9.1 CVSS | 6.9 AI score | 0.00335 EPSS
Exploits: 1 | References: 1

NVD
added 2025/09/12 9:15 p.m. | 3 views

CVE-2025-45587

A stack overflow in the FTP service of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to cause a Denial of Service (DoS) via a crafted input...

7 CVSS | 0.00247 EPSS
Exploits: 1 | References: 1

NVD
added 2025/09/12 9:15 p.m. | 6 views

CVE-2025-45583

Incorrect access control in the FTP protocol of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to authenticate into the service using any combination of username and password...

9.1 CVSS | 0.00335 EPSS
Exploits: 1 | References: 1

Positive Technologies
added 2025/09/12 12:0 a.m. | 8 views

PT-2025-37351

Name of the Vulnerable Software and Affected Versions: Audi UTR 2.0 Universal Traffic Recorder 2.0. Description: A stack overflow in the FTP service allows attackers to cause a Denial of Service (DoS) via a crafted input. Recommendations: At the moment, there is no information about a newer version...

7 CVSS | 6.6 AI score | 0.00247 EPSS
Exploits: 1 | References: 5

CNNVD
added 2025/09/12 12:0 a.m. | 2 views

Audi UTR 2.0 security vulnerability

Audi UTR 2.0 is an in-vehicle car recording system from Audi Germany. A security vulnerability exists in Audi UTR 2.0, which originates from improper access control of the FTP protocol, which allows an attacker to authenticate using any combination of username and password...

9.1 CVSS | 6.7 AI score | 0.00335 EPSS
Exploits: 1 | References: 2

CVE
added 2025/09/12 12:0 a.m. | 22 views

CVE-2025-45583

CVE-2025-45583 affects Audi UTR 2.0 Universal Traffic Recorder 2.0. The vulnerability is an improper access control in the FTP protocol that allows an attacker to authenticate to the service using any username/password combination. CVSS metrics in the provided records indicate a CRITICAL base sco...

9.1 CVSS | 6.5 AI score | 0.00335 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2025/09/12 12:0 a.m. | 24 views

CVE-2025-45587

CVE-2025-45587 describes a stack overflow in the FTP service of Audi UTR 2.0 Universal Traffic Recorder 2.0 that allows attackers to cause a Denial of Service (DoS) via a crafted input. Affected component is the FTP service; root cause is a stack overflow. Documented impact: availability impact h...

7 CVSS | 6.6 AI score | 0.00247 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/09/12 12:0 a.m. | 4 views

CVE-2025-45583

Incorrect access control in the FTP protocol of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to authenticate into the service using any combination of username and password...

6.5 AI score | 0.00335 EPSS
Exploits: 1 | References: 1

Positive Technologies
added 2025/09/12 12:0 a.m. | 5 views

PT-2025-37347

Name of the Vulnerable Software and Affected Versions: Audi UTR 2.0 Universal Traffic Recorder 2.0 (affected versions not specified). Description: An incorrect access control issue exists in the FTP protocol. This allows attackers to authenticate to the service using any combination of username and...

9.1 CVSS | 6.2 AI score | 0.00335 EPSS
Exploits: 1 | References: 6

OSV
added 2025/09/11 9:15 a.m. | 8 views

UBUNTU-CVE-2025-48040

Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to...

6.9 CVSS | 5.8 AI score | 0.00402 EPSS
Exploits: 0 | References: 5

CVE
added 2025/09/11 8:13 a.m. | 27 views

CVE-2025-48038

CVE-2025-48038 affects Erlang OTP ssh (ssh_sftpd) with Allocation of Resources Without Limits or Throttling, causing excessive resource consumption. The issue is present across multiple OTP/erlang SSH versions (as detailed in the CVE entry) and is being addressed through vendor advisories and sec...

5.3 CVSS | 5.4 AI score | 0.00359 EPSS
Exploits: 0 | References: 7

Positive Technologies
added 2025/09/11 12:0 a.m. | 3 views

PT-2025-37164

Name of the Vulnerable Software and Affected Versions: Erlang OTP versions 17.0 through 28.0.3; Erlang OTP versions 26.2.5.15; Erlang OTP versions 27.3.4.3; ssh versions 3.0.1 through 5.3.3; ssh versions 5.1.4.12; ssh versions 5.2.11.3. Description: An uncontrolled resource consumption issue exists in...

7.1 CVSS | 5.4 AI score | 0.00402 EPSS
Exploits: 0 | References: 47

RedhatCVE
added 2025/09/10 7:19 a.m. | 11 views

CVE-2025-41664

A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services (e.g., FTP/SFTP). This access could allow the attacker to escalate privileges and modify firmware...

7.5 CVSS | 7.3 AI score | 0.00217 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/09/09 12:0 a.m. | 2 views

CVE-2025-57633

A command injection vulnerability in FTP-Flask-python through 5173b68 allows unauthenticated remote attackers to execute arbitrary OS commands. The /ftp.html endpoint's "Upload File" action constructs a shell command from the ftp_file parameter and executes it using os.system without sanitization ...

7.7 AI score | 0.01468 EPSS
Exploits: 0 | References: 2

CVE
added 2025/09/09 12:0 a.m. | 17 views

CVE-2025-57633

CVE-2025-57633 affects FTP-Flask-python (through version 5173b68). The vulnerability stems from the /ftp.html endpoint’s Upload File action, which builds a shell command from the ftp_file parameter and executes it via os.system() without sanitization or escaping, enabling unauthenticated remote c...

9.8 CVSS | 7.8 AI score | 0.01468 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2025/09/08 12:0 a.m. | 6 views

PT-2025-36443

Name of the Vulnerable Software and Affected Versions: WAGO Coupler 0750-0362 (affected versions not specified). Description: A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runti...

7.5 CVSS | 6.5 AI score | 0.00217 EPSS
Exploits: 0 | References: 9