Lucene search

108 matches found

Cvelist
added 2026/05/27 1:56 p.m. | 35 views

CVE-2026-7876 Authentication bypass vulnerability found in Aspera High-Speed Transfer Server for Cloud Pak for Integration

IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19...

EPSS 0.00037 | Exploits 0 | References 1
CVE
added 2026/05/27 1:20 p.m. | 7 views

CVE-2026-8180

CVE-2026-8180 affects IBM Aspera High-Speed Transfer Endpoint (3.7.4–4.4.7 FP1) and Server (3.7.4–4.4.7 FP1). The asperahttpd component is vulnerable to a denial-of-service that allows an unauthenticated user to crash the asperahttpd service. The connected IBM security bulletin enumerates multipl...

CVSS 7.5 | AI score 5.8 | EPSS 0.00083 | Exploits 0 | References 1 | Affected Software 2
CNNVD
added 2026/05/27 12:0 a.m. | 6 views

IBM Aspera High-Speed Transfer Endpoint and IBM Aspera High-Speed Transfer Server code issue vulnerability

IBM Aspera High-Speed Transfer Endpoint and IBM Aspera High-Speed Transfer Server are products of the American company International Business Machines Corporation (IBM). The IBM Aspera High-Speed Transfer Endpoint is a high-speed file transfer and data exchange node service. The IBM Aspera High-Speed Transfer...

CVSS 7.5 | AI score 5.9 | EPSS 0.00083 | Exploits 0 | References 2
Positive Technologies
added 2026/05/27 12:0 a.m. | 7 views

PT-2026-43991

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be ab...

CVSS 6.5 | AI score 5.9 | EPSS 0.00045 | Exploits 0 | References 2
IBM Security Bulletins
added 2026/05/26 9:30 p.m. | 8 views

Security Bulletin: Authentication bypass vulnerability found in Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)

Summary: IBM Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I) 1.5.20 has addressed an authentication vulnerability that may allow access to files in the local server storage. Vulnerability Details: CVEID: CVE-2026-7876. DESCRIPTION: IBM Aspera High-Speed Transfer Server for CP4i i...

CVSS 9.1 | AI score 5.8 | EPSS 0.00037 | Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2026/05/22 7:21 p.m. | 8 views

Security Bulletin: Multiple vulnerabilities in Aspera applications.

Summary: Multiple vulnerabilities were addressed in IBM Aspera High-Speed Transfer Endpoint 4.4.7 Fix Pack 2 and IBM Aspera High-Speed Transfer Server 4.4.7 Fix Pack 2. Vulnerability Details: CVEID: CVE-2026-7876. DESCRIPTION: IBM Aspera High-Speed Transfer Server and IBM Aspera High-Speed Transfer...

CVSS 9.8 | AI score 6.8 | EPSS 0.00459 | Exploits 0 | Affected Software 1
Fedora
added 2026/05/08 7:58 p.m. | 8 views

[SECURITY] Fedora 43 Update: proftpd-1.3.9a-1.fc43

ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...

CVSS 8.1 | AI score 6 | EPSS 0.05501 | Exploits 6
Vulnrichment
added 2026/04/05 8:45 p.m. | 0 views

CVE-2019-25681 Xlight FTP Server 3.9.1 SEH Overwrite Buffer Overflow

Xlight FTP Server 3.9.1 contains a structured exception handler (SEH) overwrite vulnerability that allows local attackers to crash the application and overwrite SEH pointers by supplying a crafted buffer string. Attackers can inject a 428-byte payload through the program execution field in virtual...

CVSS 8.6 | AI score 6.4 | EPSS 0.00019 | Exploits 1 | References 4
EUVD
added 2026/03/30 12:32 p.m. | 2 views

EUVD-2018-21710

FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the account name field. Attackers can trigger a denial of service by pasting a 417-byte payload into the 'Account name to ban' parameter...

CVSS 6.9 | AI score 6.1 | EPSS 0.00016 | Exploits 1 | References 5
Positive Technologies
added 2026/03/30 12:0 a.m. | 2 views

PT-2026-29012

FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the account name field. Attackers can trigger a denial of service by pasting a 417-byte payload into the 'Account name to ban' parameter...

CVSS 6.9 | AI score 6.1 | EPSS 0.00016 | Exploits 1 | References 5
Cvelist
added 2026/03/23 12:40 p.m. | 23 views

CVE-2026-1958 Hard-coded passwords in KlinikaXP

Use of hard-coded credentials in Klinika XP and KlinikaXP Insertino allowed an unauthorized attacker access to several internal services. Critically, this included access to the FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious...

CVSS 8.7 | EPSS 0.00061 | Exploits 0 | References 2
ATTACKERKB
added 2026/03/22 1:38 p.m. | 1 views

CVE-2019-25619

FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inject shellcode through the account name parameter in the Manage FTP Accounts dialog to overwrite t...

CVSS 8.6 | AI score 6.4 | EPSS 0.00018 | Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2026/03/22 1:38 p.m. | 19 views

CVE-2019-25619 FTP Shell Server 6.83 Buffer Overflow via Account Name

FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inject shellcode through the account name parameter in the Manage FTP Accounts dialog to overwrite t...

CVSS 8.6 | EPSS 0.00018 | Exploits 1 | References 3
ATTACKERKB
added 2026/03/16 1:32 a.m. | 0 views

CVE-2026-4205

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function...

CVSS 6.5 | AI score 5.5 | EPSS 0.00187 | Exploits 1 | References 8 | Affected Software 20
RedhatCVE
added 2026/03/11 1:19 p.m. | 3 views

CVE-2025-41710

An unauthenticated remote attacker may use hard-coded credentials to get access to the previously activated FTP Server with limited read and write privileges...

CVSS 6.5 | AI score 5.8 | EPSS 0.00042 | Exploits 0 | References 1
CVE
added 2026/03/10 8:26 a.m. | 3 views

CVE-2025-41710

CVE-2025-41710 describes an unauthenticated remote access issue where an attacker may use hard-coded credentials to reach a previously activated FTP server with limited read/write privileges. The CVSSv3.1 base score is 6.5 (Medium) with network attack vector, low attack complexity, and no user in...

CVSS 6.5 | AI score 5.8 | EPSS 0.00042 | Exploits 0 | References 4
Positive Technologies
added 2026/03/10 12:0 a.m. | 4 views

PT-2026-24184

An unauthenticated remote attacker may use hard-coded credentials to get access to the previously activated FTP Server with limited read and write privileges...

CVSS 6.5 | AI score 5.8 | EPSS 0.00042 | Exploits 0 | References 4
CNNVD
added 2026/02/24 12:0 a.m. | 3 views

SolarWinds Serv-U code issue vulnerability

SolarWinds Serv-U is an FTP (File Transfer Protocol) server software developed by the American company SolarWinds. SolarWinds Serv-U has a code vulnerability that stems from type confusion, which may lead to the execution of arbitrary local code...

CVSS 9.1 | AI score 7.8 | EPSS 0.00092 | Exploits 0 | References 2
Cvelist
added 2026/01/29 2:28 p.m. | 25 views

CVE-2020-36994 QlikView 12.50.20000.0 - 'FTP Server Address' Denial of Service

QlikView 12.50.20000.0 contains a denial of service vulnerability in the FTP server address input field that allows local attackers to crash the application. Attackers can paste a 300-character buffer into the FTP server address field to trigger an application crash and prevent normal functionali...

CVSS 6.2 | EPSS 0.00012 | Exploits 0 | References 3
Packet Storm
added 2025/11/27 12:0 a.m. | 140 views

Monsta FTP DownloadFile Remote Code Execution

This Metasploit module exploits a pre-authenticated remote code execution vulnerability in Monsta FTP versions prior to 2.11.3. The vulnerability exists in the downloadFile action which allows an attacker to connect to a malicious FTP or SFTP server and download arbitrary files to arbitrary...

CVSS 9.8 | AI score 8.1 | EPSS 0.7411 | Exploits 6