Lucene search
K

47 matches found

Nuclei
Nuclei
added 2 days ago30 views

Monsta FTP <= 2.11.2 - Unauthenticated Remote Code Execution

Monsta FTP = 2.11 contains an unrestricted file upload vulnerability caused by lack of authentication on file uploads, letting unauthenticated attackers execute arbitrary code by uploading crafted files. id: CVE-2025-34299 info: name: Monsta FTP = 2.11.2 - Unauthenticated Remote Code Execution...

9.8CVSS7.3AI score0.72667EPSS
Exploits6References3
EUVD
EUVD
added last week8 views

EUVD-2026-42427

Monsta FTP before 2.14.5 contains a server-side request forgery vulnerability in the fetchRemoteFile action caused by an incomplete IP blocklist check in the isBlockedIP function, which fails to detect embedded IPv4 addresses within IPv4-mapped IPv6 addresses. An unauthenticated attacker can obta...

8.6CVSS5.9AI score0.00308EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added last week5 views

CVE-2026-60105 Monsta FTP < 2.14.5 SSRF via IPv4-Mapped IPv6 Address Bypass

Monsta FTP before 2.14.5 contains a server-side request forgery vulnerability in the fetchRemoteFile action caused by an incomplete IP blocklist check in the isBlockedIP function, which fails to detect embedded IPv4 addresses within IPv4-mapped IPv6 addresses. An unauthenticated attacker can obta...

8.6CVSS5.9AI score0.00308EPSS
Exploits0References3
CVE
CVE
added last week16 views

CVE-2026-60105

Monsta FTP before 2.14.5 contains a server-side request forgery (SSRF) in the fetchRemoteFile action due to an incomplete IP blocklist in isBlockedIP(), which fails to detect IPv4 addresses embedded in IPv4-mapped IPv6 addresses. An unauthenticated attacker can obtain a CSRF token from the public...

8.6CVSS5.9AI score0.00308EPSS
Exploits0References3
Cvelist
Cvelist
added last week38 views

CVE-2026-60105 Monsta FTP < 2.14.5 SSRF via IPv4-Mapped IPv6 Address Bypass

Monsta FTP before 2.14.5 contains a server-side request forgery vulnerability in the fetchRemoteFile action caused by an incomplete IP blocklist check in the isBlockedIP function, which fails to detect embedded IPv4 addresses within IPv4-mapped IPv6 addresses. An unauthenticated attacker can obta...

8.6CVSS0.00308EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2026/01/30 12:0 a.m.189 views

📄 Monsta FTP 2.11 Remote File Injection

This Metasploit module exploits a vulnerability in Monsta FTP version 2.11 and enables remote file injection by creating a malicious FTP server. The application builds this server to upload a malicious PHP file reverse shell. After the file is uploaded, the module immediately verifies the...

9.8CVSS5.9AI score0.72667EPSS
Exploits6
GithubExploit
GithubExploit
added 2025/12/11 3:42 a.m.183 views

Exploit for Unrestricted Upload of File with Dangerous Type in Monstaftp Monsta_Ftp

CVE-2025-34299 Test Environment Docker test environment for C...

9.8CVSS8.7AI score0.72667EPSS
Exploits6
Rapid7 Blog
Rapid7 Blog
added 2025/12/05 8:58 p.m.26 views

Metasploit Wrap-Up 12/05/2025

Twonky Auth Bypass, RCEs and RISC-V Reverse Shell Payloads This was another fantastic week in terms of PR contribution to the Metasploit Framework. Rapid7’s very own Ryan Emmons recently disclosed CVE-2025-13315 and CVE-2025-13316 which exist in Twonky Server and allow decrypting admin credential...

9.8CVSS9AI score0.75063EPSS
Exploits8
Metasploit
Metasploit
added 2025/11/27 6:57 p.m.480 views

Monsta FTP downloadFile Remote Code Execution

This module exploits a pre-authenticated remote code execution vulnerability in Monsta FTP versions use exploit/multi/http/monstaftpdownloadfilerce msf exploitmonstaftpdownloadfilerce show targets ...targets... msf exploitmonstaftpdownloadfilerce set TARGET msf exploitmonstaftpdownloadfilerce sho...

9.8CVSS7.8AI score0.72667EPSS
Exploits6
Packet Storm
Packet Storm
added 2025/11/27 12:0 a.m.176 views

📄 Monsta FTP DownloadFile Remote Code Execution

This Metasploit module exploits a pre-authenticated remote code execution vulnerability in Monsta FTP versions prior to 2.11.3. The vulnerability exists in the downloadFile action which allows an attacker to connect to a malicious FTP or SFTP server and download arbitrary files to arbitrary...

9.8CVSS8.1AI score0.72667EPSS
Exploits6
VulnCheck KEV
VulnCheck KEV
added 2025/11/26 12:0 a.m.10 views

VulnCheck KEV: CVE-2025-34299

Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious SFTP server...

9.8CVSS6.2AI score0.72667EPSS
In wildExploits6References2
GithubExploit
GithubExploit
added 2025/11/19 12:39 a.m.211 views

Exploit for CVE-2025-34299

Monsta FTP CVE-2025-34299 Exploit Python exploit for the RCE...

9.3CVSS8.2AI score0.72667EPSS
Exploits6
RedhatCVE
RedhatCVE
added 2025/11/08 1:57 p.m.6 views

CVE-2025-34299

Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious SFTP server...

9.8CVSS7.9AI score0.72667EPSS
Exploits6References1
Vulnrichment
Vulnrichment
added 2025/11/07 1:51 p.m.3 views

CVE-2025-34299 Monsta FTP <= 2.11 Unauthenticated Arbitrary File Upload

Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious SFTP server...

9.3CVSS7.5AI score0.72667EPSS
Exploits6References3
Cvelist
Cvelist
added 2025/11/07 1:51 p.m.14 views

CVE-2025-34299 Monsta FTP <= 2.11 Unauthenticated Arbitrary File Upload

Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious SFTP server...

9.3CVSS0.72667EPSS
Exploits6References3
CVE
CVE
added 2025/11/07 1:51 p.m.42 views

CVE-2025-34299

Summary: Monsta FTP

9.8CVSS7.5AI score0.72667EPSS
In wildExploits6References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/07 12:0 a.m.6 views

PT-2025-45416

Name of the Vulnerable Software and Affected Versions Monsta FTP versions 2.11 and earlier Monsta FTP versions prior to 2.11.3 Description Monsta FTP versions 2.11 and earlier contain a critical vulnerability that allows unauthenticated arbitrary file uploads, leading to remote code execution...

9.8CVSS8.5AI score0.72667EPSS
Exploits6References51
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2020-6218

Malware in sbrugna...

9.8CVSS9.4AI score0.0133EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-6219

Malware in sbrugna...

9.8CVSS9.4AI score0.02576EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-6217

Malware in sbrugna...

6.1CVSS6.3AI score0.00699EPSS
Exploits0References3
Rows per page
Query Builder