898 matches found
CVE-2025-10957
This vulnerability exists in the Syrotech SY-GPON-2010-WADONT router due to improper access control in its FTP service. A remote attacker could exploit this vulnerability by establishing an FTP connection using default credentials, potentially gaining unauthorized access to configuration files,...
Syrotech SY-GPON-2010-WADONT Access Control Error Vulnerability
The Syrotech SY-GPON-2010-WADONT is an optical network termination device from Syrotech India. An access control error vulnerability exists in the Syrotech SY-GPON-2010-WADONT that stems from improper access control of the FTP service, which could lead to unauthorized access...
PT-2025-39363
Name of the Vulnerable Software and Affected Versions: Syrotech SY-GPON-2010-WADONT router (affected versions not specified). Description: The Syrotech SY-GPON-2010-WADONT router contains a flaw related to improper access control within its FTP service. A remote attacker can connect via FTP using...
ProFTPD Detection Consolidation
Consolidation of ProFTPD detections. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.155379");...
CVE-2025-45583
Incorrect access control in the FTP protocol of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to authenticate into the service using any combination of username and password...
CVE-2025-45587
A stack overflow in the FTP service of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to cause a Denial of Service (DoS) via a crafted input...
CVE-2025-45583
Incorrect access control in the FTP protocol of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to authenticate into the service using any combination of username and password...
PT-2025-37351
Name of the Vulnerable Software and Affected Versions: Audi UTR 2.0 Universal Traffic Recorder 2.0 Description: A stack overflow in the FTP service allows attackers to cause a Denial of Service (DoS) via a crafted input. Recommendations: At the moment, there is no information about a newer version...
Audi UTR 2.0 Security Vulnerability
Audi UTR 2.0 is an in-vehicle car recording system from Audi Germany. A security vulnerability exists in Audi UTR 2.0 that stems from improper access control in the FTP protocol, which allows an attacker to authenticate using any combination of username and password...
CVE-2025-45583
CVE-2025-45583 affects Audi UTR 2.0 Universal Traffic Recorder 2.0. The vulnerability is an improper access control in the FTP protocol that allows an attacker to authenticate to the service using any username/password combination. CVSS metrics in the provided records indicate a CRITICAL base sco...
CVE-2025-45587
CVE-2025-45587 describes a stack overflow in the FTP service of Audi UTR 2.0 Universal Traffic Recorder 2.0 that allows attackers to cause a Denial of Service (DoS) via a crafted input. Affected component is the FTP service; root cause is a stack overflow. Documented impact: availability impact h...
CVE-2025-45583
Incorrect access control in the FTP protocol of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to authenticate into the service using any combination of username and password...
PT-2025-37347
Name of the Vulnerable Software and Affected Versions: Audi UTR 2.0 Universal Traffic Recorder 2.0 (affected versions not specified). Description: An incorrect access control issue exists in the FTP protocol. This allows attackers to authenticate to the service using any combination of username and...
UBUNTU-CVE-2025-48040
Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to...
CVE-2025-48038
CVE-2025-48038 affects Erlang OTP ssh (ssh_sftpd) with Allocation of Resources Without Limits or Throttling, causing excessive resource consumption. The issue is present across multiple OTP/erlang SSH versions (as detailed in the CVE entry) and is being addressed through vendor advisories and sec...
PT-2025-37164
Name of the Vulnerable Software and Affected Versions: Erlang OTP versions 17.0 through 28.0.3; Erlang OTP versions 26.2.5.15; Erlang OTP versions 27.3.4.3; ssh versions 3.0.1 through 5.3.3; ssh versions 5.1.4.12; ssh versions 5.2.11.3. Description: An uncontrolled resource consumption issue exists in...
CVE-2025-41664
A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services (e.g., FTP/SFTP). This access could allow the attacker to escalate privileges and modify firmware...
CVE-2025-57633
A command injection vulnerability in FTP-Flask-python through 5173b68 allows unauthenticated remote attackers to execute arbitrary OS commands. The /ftp.html endpoint's "Upload File" action constructs a shell command from the ftp_file parameter and executes it using os.system without sanitization ...
CVE-2025-57633
CVE-2025-57633 affects FTP-Flask-python (through version 5173b68). The vulnerability stems from the /ftp.html endpoint’s Upload File action, which builds a shell command from the ftp_file parameter and executes it via os.system() without sanitization or escaping, enabling unauthenticated remote c...
PT-2025-36443
Name of the Vulnerable Software and Affected Versions: WAGO Coupler 0750-0362 (affected versions not specified). Description: A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runti...