Lucene search
+L

64 matches found

Cvelist
Cvelist
added 2025/07/18 12:0 a.m.17 views

CVE-2025-54309

CrushFTP 10 before 10.8.5 and 11 before 11.3.423, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025...

9CVSS0.92034EPSS
Exploits7References5
CVE
CVE
added 2025/07/18 12:0 a.m.170 views

CVE-2025-54309

CVE-2025-54309 affects CrushFTP 10.x prior to 10.8.5 and 11.x prior to 11.3.4_23. The flaw resides in AS2 validation/HTTP session handling (DMZ proxy handling) that can let remote attackers gain admin access via HTTPS, historically exploited in the wild around July 2025. Multiple public PoCs/expl...

9.8CVSS7.2AI score0.92034EPSS
In wildExploits7References6Affected Software1
Openbugbounty
Openbugbounty
added 2024/03/15 11:16 a.m.5 views

as2.com.br Cross Site Scripting vulnerability OBB-3873551

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/11/20 12:0 a.m.9 views

The vulnerability of the Object Attribute Handler component in the cross-platform FTP server CrushFTP allows a hacker to execute arbitrary code.

The vulnerability of the Object Attribute Handler component in the cross-platform FTP server CrushFTP is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted requests containing AS2 headers...

10CVSS8.4AI score0.81801EPSS
Exploits7References4Affected Software1
vulnersOsv
vulnersOsv
added 2023/07/05 3:30 a.m.10 views

org.apache.camel.quarkus:camel-quarkus-as2 (>=3.0.0-M1 <=3.0.0-M2), org.apache.camel.quarkus:camel-quarkus-as2-deployment (>=3.0.0-M1 <=3.0.0-M2) +3 more potentially affected by CVE-2023-33201 via org.bouncycastle:bcprov-debug-jdk18on (>=1.71 <=1.72)

org.bouncycastle:bcprov-debug-jdk18on MAVEN version =1.71, =3.0.0-M1, =3.0.0-M1, =3.18.0, =3.18.0, =3.18.0, =4.0.0-M3 Source cves: CVE-2023-33201 Source advisory: OSV:GHSA-HR8G-6V94-X4M9...

5.3CVSS6.7AI score0.00772EPSS
Exploits0
NVD
NVD
added 2021/06/18 11:15 a.m.25 views

CVE-2021-33577

An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves via encryption and signing of the message can be bypassed by changing the Content-Type of the message to text/plain...

5.3CVSS0.00585EPSS
Exploits1References2
NVD
NVD
added 2021/06/18 11:15 a.m.24 views

CVE-2021-33576

An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk...

9.8CVSS0.01549EPSS
Exploits1References2
OSV
OSV
added 2021/06/18 11:15 a.m.3 views

CVE-2021-33576

An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk...

9.8CVSS7.4AI score0.01549EPSS
Exploits1References2
Prion
Prion
added 2021/06/18 11:15 a.m.20 views

Path traversal

An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk...

7.5CVSS9.3AI score0.01549EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/06/18 10:53 a.m.145 views

CVE-2021-33577

CVE-2021-33577 affects Cleo LexiCom 5.5.0.0. The issue allows bypass of the sender authentication for AS2 messages (encryption and signing) by changing the Content-Type to text/plain. This is the root cause reported across multiple sources (NVD/Red Hat/CNNVD). No remediation details are provided ...

5.3CVSS5.3AI score0.00585EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/06/18 10:53 a.m.45 views

CVE-2021-33576

CVE-2021-33576 affects Cleo LexiCom 5.5.0.0. The root cause is that an AS2 message can carry a filename containing path-traversal characters, enabling the attacker to write files to arbitrary locations on disk. The issue is documented across multiple sources (NVD, Red Hat, CVE lists). According t...

9.8CVSS9.2AI score0.01549EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/06/18 10:53 a.m.25 views

CVE-2021-33576

An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk...

9.6AI score0.01549EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/18 1:14 a.m.18 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects Sterling Connect:Enterprise for UNIX (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects Sterling Connect:Enterprise for UNIX when using the AS2 or WebDAV protocols. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain...

4.3CVSS0.2AI score0.9986EPSS
Exploits1Affected Software1
Openbugbounty
Openbugbounty
added 2018/05/04 5:36 p.m.6 views

as2.macromgt.com XSS vulnerability

Open Bug Bounty ID: OBB-612125 Description| Value ---|--- Affected Website:| as2.macromgt.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
Zero Day Initiative
Zero Day Initiative
added 2016/11/08 12:0 a.m.28 views

Adobe Flash AS2 extends Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AS2'...

6.8CVSS1.8AI score0.07041EPSS
Exploits0References1
Openbugbounty
Openbugbounty
added 2016/02/10 12:51 p.m.13 views

as2.ori.nic.in XSS vulnerability

Vulnerable URL: http://as2.ori.nic.in:8080/web/bus.jsp?msg=%27%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 16:27 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...

6.3AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2015/12/08 12:0 a.m.25 views

Adobe Flash AS2 MovieClip lineTo Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the MovieClip object...

6.8CVSS8.8AI score0.06538EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2015/12/08 12:0 a.m.23 views

Adobe Flash AS2 Selection setFocus Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

6.8CVSS8.8AI score0.06538EPSS
Exploits0References1
myhack58
myhack58
added 2015/12/07 12:0 a.m.26 views

Adobe Flash AS2 MovieClip setMask after the release of the heavy interest with a remote code execution vulnerability(CVE-2 0 1 5-7 6 6 0)-vulnerability warning-the black bar safety net

CVECAN ID: CVE-2 0 1 5-7 6 6 0 FlashPlayer is a high-performance, lightweight and extremely expressive client runtime player. Adobe Flash setMask method in the presence of security vulnerabilities. By manipulating the transfer to the setMask method's parameter, the attacker can force the use of h...

0.8AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2015/11/10 12:0 a.m.28 views

Adobe Flash AS2 Sound attachSound Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the...

6.8CVSS6.4AI score0.06171EPSS
Exploits0References1
Rows per page
Query Builder