1555 matches found
CVE-2024-39793
Multiple external config control vulnerabilities exist in the nas.cgi setnas proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...
CVE-2024-39795
Multiple external config control vulnerabilities exist in the nas.cgi setnas proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...
CVE-2024-39795
Multiple external config control vulnerabilities exist in the nas.cgi setnas proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...
CVE-2024-39793
Multiple external config control vulnerabilities exist in the nas.cgi setnas proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...
CVE-2024-39794
Multiple external config control vulnerabilities exist in the nas.cgi setnas proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...
CVE-2024-39794
Multiple external config control vulnerabilities exist in the nas.cgi setnas proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...
CVE-2024-39793
CVE-2024-39793 affects the Wavlink AC3000 (M33A8.V5030.210505) nas.cgi set_nas() proftpd functionality. An authenticated HTTP request can inject configuration data via ftp_name (and related ftp_* fields), writing to nvram and ultimately generating a proftpd.conf through storage.sh ftp → proftpd.s...
PT-2025-2573 · Wavlink · Wavlink Ac3000
Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: Multiple external config control vulnerabilities exist in the nas.cgi set nas proftpd functionality. A specially crafted HTTP request can lead to permission bypass. An attacker can make a...
PT-2025-2572 · Wavlink · Wavlink Ac3000
Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: Multiple external config control vulnerabilities exist in the nas.cgi set nas proftpd functionality. A specially crafted HTTP request can lead to permission bypass. An attacker can make a...
Wavlink AC3000 nas.cgi set_nas() proftpd Configuration Control Vulnerabilities
Talos Vulnerability Report TALOS-2024-2053 Wavlink AC3000 nas.cgi setnas proftpd Configuration Control Vulnerabilities January 14, 2025 CVE Number CVE-2024-39793,CVE-2024-39795,CVE-2024-39794 SUMMARY Multiple external config control vulnerabilities exist in the nas.cgi setnas proftpd functionalit...
proftpd-1.3.8c-1.1 on GA media (moderate)
proftpd-1.3.8c-1.1 on GA media Announcement ID: openSUSE-SU-2025:14636-1 Rating: moderate Cross-References: CVE-2024-48651 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the proftpd-1.3.8c-1....
OPENSUSE-SU-2025:14636-1 proftpd-1.3.8c-1.1 on GA media
These are all security issues fixed in the proftpd-1.3.8c-1.1 package on the GA media of openSUSE Tumbleweed...
Debian: Security Advisory (DSA-5827-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 5827-1] proftpd-dfsg security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5827-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 10, 2024 https://www.debian.org/security/faq -...
Debian dsa-5827 : proftpd-basic - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5827 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5827-1 [email protected] https://www.debian.org/security/...
DSA-5827-1 proftpd-dfsg - security update
Bulletin has no description...
OESA-2024-2508 proftpd security update
ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...
The vulnerability of the mod_sql component in the ProFTPD FTP server allows a hacker to increase their privileges.
The vulnerability of the modsql component in the ProFTPD FTP server is related to errors in privilege management. Exploiting this vulnerability allows a malicious actor to elevate their privileges to the root user level...
Debian: Security Advisory (DLA-3975-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE CVE-2024-48651
In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from modsql...