64 matches found
CVE-2025-54309
CrushFTP 10 before 10.8.5 and 11 before 11.3.423, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025...
CVE-2025-54309
CVE-2025-54309 affects CrushFTP 10.x prior to 10.8.5 and 11.x prior to 11.3.4_23. The flaw resides in AS2 validation/HTTP session handling (DMZ proxy handling) that can let remote attackers gain admin access via HTTPS, historically exploited in the wild around July 2025. Multiple public PoCs/expl...
as2.com.br Cross Site Scripting vulnerability OBB-3873551
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
The vulnerability of the Object Attribute Handler component in the cross-platform FTP server CrushFTP allows a hacker to execute arbitrary code.
The vulnerability of the Object Attribute Handler component in the cross-platform FTP server CrushFTP is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted requests containing AS2 headers...
org.apache.camel.quarkus:camel-quarkus-as2 (>=3.0.0-M1 <=3.0.0-M2), org.apache.camel.quarkus:camel-quarkus-as2-deployment (>=3.0.0-M1 <=3.0.0-M2) +3 more potentially affected by CVE-2023-33201 via org.bouncycastle:bcprov-debug-jdk18on (>=1.71 <=1.72)
org.bouncycastle:bcprov-debug-jdk18on MAVEN version =1.71, =3.0.0-M1, =3.0.0-M1, =3.18.0, =3.18.0, =3.18.0, =4.0.0-M3 Source cves: CVE-2023-33201 Source advisory: OSV:GHSA-HR8G-6V94-X4M9...
CVE-2021-33577
An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves via encryption and signing of the message can be bypassed by changing the Content-Type of the message to text/plain...
CVE-2021-33576
An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk...
CVE-2021-33576
An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk...
Path traversal
An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk...
CVE-2021-33577
CVE-2021-33577 affects Cleo LexiCom 5.5.0.0. The issue allows bypass of the sender authentication for AS2 messages (encryption and signing) by changing the Content-Type to text/plain. This is the root cause reported across multiple sources (NVD/Red Hat/CNNVD). No remediation details are provided ...
CVE-2021-33576
CVE-2021-33576 affects Cleo LexiCom 5.5.0.0. The root cause is that an AS2 message can carry a filename containing path-traversal characters, enabling the attacker to write files to arbitrary locations on disk. The issue is documented across multiple sources (NVD, Red Hat, CVE lists). According t...
CVE-2021-33576
An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects Sterling Connect:Enterprise for UNIX (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects Sterling Connect:Enterprise for UNIX when using the AS2 or WebDAV protocols. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain...
as2.macromgt.com XSS vulnerability
Open Bug Bounty ID: OBB-612125 Description| Value ---|--- Affected Website:| as2.macromgt.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Adobe Flash AS2 extends Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AS2'...
as2.ori.nic.in XSS vulnerability
Vulnerable URL: http://as2.ori.nic.in:8080/web/bus.jsp?msg=%27%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 16:27 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...
Adobe Flash AS2 MovieClip lineTo Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the MovieClip object...
Adobe Flash AS2 Selection setFocus Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
Adobe Flash AS2 MovieClip setMask after the release of the heavy interest with a remote code execution vulnerability(CVE-2 0 1 5-7 6 6 0)-vulnerability warning-the black bar safety net
CVECAN ID: CVE-2 0 1 5-7 6 6 0 FlashPlayer is a high-performance, lightweight and extremely expressive client runtime player. Adobe Flash setMask method in the presence of security vulnerabilities. By manipulating the transfer to the setMask method's parameter, the attacker can force the use of h...
Adobe Flash AS2 Sound attachSound Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the...