EUVD-2026-34226

There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process...

Windows BITS Jobs Persistence Scanner

This is a Windows BITS Job auditing tool that scans all Background Intelligent Transfer Service BITS tasks using bitsadmin, then analyzes them for suspicious behavior such as executable downloads, command execution cmd.exe, powershell, and remote URLs. It classifies jobs as normal or suspicious a...

Fortra GoAnywhere MFT 安全漏洞

Fortra GoAnywhere MFT is a file transfer software developed by the American company Fortra. Versions of Fortra GoAnywhere MFT prior to 7.10.0 contained a security vulnerability. This vulnerability stemmed from the SFTP service not enforcing login restrictions when the web user was configured to l...

Windows Persistence Bits Job

This Metasploit module establishes persistence through a BITS job that downloads and executes a payload. Background Intelligent Transfer Service BITS is a Windows service for transferring files in the background using idle network bandwidth. BITS jobs are persistent and will resume across reboots...

OESA-2026-1666 erlang security update

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: Inconsistent Interpretation of HTTP Requests 'HTTP...

CVE-2020-36983

Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code during service startup. Attackers can exploit the misconfigured service binary path to inject malicious executables with elevated LocalSystem privileges during syste...

CVE-2025-67737

CVE-2025-67737 affects AzuraCast versions 0.23.1, where an API endpoint intended for internal use by sftpgo was exposed in the public HTTP API (at /api/internal/sftp-event). A user with valid SFTP credentials and knowledge of the station’s internal filesystem can craft a tailored HTTP request to ...

CVE-2025-10639

The WorkExaminer Professional server installation comes with an FTP server that is used to receive the client logs on TCP port 12304. An attacker with network access to this port can use weak hardcoded credentials to login to the FTP server and modify or read data, log files and gain remote code...

EUVD-2020-11999

Malware in sbrugna...

EUVD-2014-2241

Malware in sbrugna...

EUVD-2025-24055

Malicious code in bioql PyPI...

EUVD-2025-29079

Malicious code in bioql PyPI...

CVE-2025-8181

A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely...

CVE-2024-29309

An issue in Alfresco Content Services v.23.3.0.7 allows a remote attacker to execute arbitrary code via the Transfer Service...

CVE-2020-1255

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service BITS IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'...

CVE-2020-1112

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service BITS IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'...

CVE-2020-0787

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service BITS improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'...

CVE-2020-7498

A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software all versions. The fixed credentials are used to simplify file transfer. Today the use of fixed credentials is considered a vulnerability, which could cause unauthorized access to the file...

CVE-2024-8798

No proper validation of the length of user input in olcpindhandler in zephyr/subsys/bluetooth/services/ots/otsclient.c...

PT-2024-39262

Name of the Vulnerable Software and Affected Versions: Zephyr affected versions not specified Description: The issue is related to improper validation of the length of user input in the olcp ind handler function in zephyr/subsys/bluetooth/services/ots/ots client.c. This lack of validation can lea...