3515 matches found
[SECURITY] Fedora 42 Update: proftpd-1.3.9a-1.fc42
ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...
EUVD-2026-28515
Electerm Security Vulnerability: RCE via malicious SSH server filename in openFileWithEditor...
Metasploit Wrap-Up 05/08/2026
Spring cleanup This week’s Metasploit updates focused on foundational improvements and expanded target reach. Key enhancements were made to the recently released Copy Fail exploit module, which now benefits from payload fixes in linux/x64/exec and linux/armle/exec. These changes expand its...
SUSE-SU-2026:1763-1 Security update for terraform-provider-aws, terraform-provider-azurerm, terraform-provider-external, terraform-provider-google, terraform-provider-helm, terraform-provider-kubernetes, terraform-provider-local, terraform-provider-random, terraform-provider-tls
This update for terraform-provider-aws, terraform-provider-azurerm, terraform-provider-external, terraform-provider-google, terraform-provider-helm, terraform-provider-kubernetes, terraform-provider-local, terraform-provider-random, terraform-provider-tls fixes the following issues: -...
Electerm 操作系统命令注入漏洞
Electerm is a SSH/SFTP client developed by ZXDong262 from China, based on Electron. Versions of Electerm prior to 3.7.9 contained an operating system command injection vulnerability. This vulnerability stemmed from the lack of filename cleaning in the SFTP editing function, which could allow...
NPM: mcp-ssh-tool has file transfer path policy bypass and bearer token comparison hardening
NPM: mcp-ssh-tool has file transfer path policy bypass and bearer token comparison hardening vulnerability discovered by ? in WordPress Npm mcp-ssh-tool versions = 2.1.0...
NPM: basic-ftp allows a malicious FTP server to cause client-side denial of service via unbounded multiline control response buffering
NPM: basic-ftp allows a malicious FTP server to cause client-side denial of service via unbounded multiline control response buffering vulnerability discovered by ? in WordPress Npm basic-ftp versions = 5.3.0...
basic-ftp allows a malicious FTP server to cause client-side denial of service via unbounded multiline control response buffering
Summary basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious or compromised FTP server can send an unterminated multiline response during the initial FTP banner phase, before authentication. The client keeps appending...
GHSA-RPMF-866Q-6P89 basic-ftp allows a malicious FTP server to cause client-side denial of service via unbounded multiline control response buffering
Summary basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious or compromised FTP server can send an unterminated multiline response during the initial FTP banner phase, before authentication. The client keeps appending...
Anonymous FTP Access Detection
Detect anonymous read/write FTP service access. Module Options msf use auxiliary/scanner/ftp/ftpanonymous msf auxiliaryftpanonymous show actions ...actions... msf auxiliaryftpanonymous set ACTION msf auxiliaryftpanonymous show options ...show and set options... msf auxiliaryftpanonymous run...
CVE-1999-0497
creationtimestamp| type| source ---|---|--- 2026-05-06 13:28:27+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/ftp/ftpanonymous.rb...
[SECURITY] Fedora 44 Update: squid-7.5-1.fc44
Squid is a high-performance proxy caching server for Web clients, supporting FTP and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups...
EUVD-2026-27345
A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a crash, resulting in...
CVE-2026-34956
A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a crash, resulting in...
UBUNTU-CVE-2026-34956
A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a crash, resulting in...
CVE-2026-34956 Openvswitch: open vswitch: denial of service via malformed ftp epasv command
A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a crash, resulting in...
CVE-2026-34956
CVE-2026-34956 affects Open vSwitch: the vulnerability is in the userspace conntrack FTP ALG handler where a crafted FTP payload (EPASV/FTP substrings) can trigger an invalid memory access due to type narrowing when copying FTP substrings. This memory access can crash the process, causing Denial ...
CVE-2026-34956 Openvswitch: open vswitch: denial of service via malformed ftp epasv command
A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a crash, resulting in...
Open vSwitch 安全漏洞
Open vSwitch is a virtual switch developed as part of the Collaborative Project. There is a security vulnerability in Open vSwitch. This vulnerability arises when configuring conntrack streams that use FTP auxiliary programs. A remote attacker can send a specially crafted FTP stream, resulting in...
JLSEC-2026-424 curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was...
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...