84 matches found
[SECURITY] Fedora 44 Update: proftpd-1.3.9a-2.fc44
ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...
CVE-1999-0527
The permissions for system-critical data in an anonymous FTP account are inappropriate. For example, the root directory is writeable by world, a real password file is obtainable, or executable commands such as "ls" can be overwritten...
EUVD-1999-0525
Malware in sbrugna...
EUVD-2001-1394
Malware in sbrugna...
EUVD-1999-1392
Malware in sbrugna...
EUVD-1999-0496
Malware in sbrugna...
EUVD-2007-1725
Malware in sbrugna...
EUVD-2004-1884
Malware in sbrugna...
EUVD-2001-0778
Malware in sbrugna...
CVE-2025-47812
In Wing FTP Server before 7.4.4, the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thu...
Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild
A recently disclosed maximum-severity security flaw impacting the Wing FTP Server has come under active exploitation in the wild, according to Huntress. The vulnerability, tracked as CVE-2025-47812 (CVSS score: 10.0), is a case of improper handling of null ('\0') bytes in the server's web interface,...
VulnCheck KEV: CVE-2025-47812
In Wing FTP Server before 7.4.4, the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thu...
CVE-2024-36443
Swissphone DiCal-RED 4009 devices allow a remote attacker to gain read access to almost the whole file system via anonymous FTP...
CVE-2004-1891
The ftpsyslog function in ftpd in SGI IRIX 6.5.20 "doesn't work with anonymous FTP," which has an unknown impact, possibly preventing the actions of anonymous users from being logged...
CVE-1999-0497
Anonymous FTP is enabled...
[SECURITY] Fedora 40 Update: proftpd-1.3.8c-3.fc40
ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...
DiCal-RED 4009 Missing Authentication
Advisory ID: SYSS-2024-036; Product: DiCal-RED; Manufacturer: Swissphone Wireless AG; Affected Versions: Unknown; Tested Versions: 4009; Vulnerability Type: Missing Authentication for Critical Function (CWE-306); Risk Level: High; Solution Status: Open...
PT-2024-27003 · Swissphone · Swissphone Dical-Red 4009
Name of the Vulnerable Software and Affected Versions: Swissphone DiCal-RED 4009 (version not specified). Description: The issue allows a remote attacker to gain read access to almost the whole file system via anonymous FTP. This could potentially expose sensitive data. There is no information...
This One Time on a Pen Test: How I Hacked a Self-Driving Car
Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part of an ongoing series featuring testimonials of what goes on beneath the hoodie. For more insights, check out our 2020 Under the Hoodie report. An...