40 matches found
CVE-2026-48858 ftp client PASV response IP not validated against control peer, enabling SSRF and FTP bounce attacks
Server-Side Request Forgery (SSRF) vulnerability in Erlang/OTP ftp (ftpinternal module) allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The ftpinternal:handlectrlresult/2 PASV handler (mode=passive, ipfamily=inet, ftpextension=false) extracts the IP address from the...
Erlang/OTP -- FTP passive-mode client does not validate server response IP
https://github.com/erlang/otp/security/advisories/GHSA-24cv-hwgr-37fq reports: The FTP client in passive mode did not validate the IP address returned in the server's response, allowing a compromised or malicious server to redirect the data connection to an arbitrary host. This enables server-sid...
EUVD-2008-0313
Malware in sbrugna...
EUVD-2010-0021
Malware in sbrugna...
EUVD-2025-9667
Malicious code in bioql PyPI...
CVE-2025-25061
Unintended proxy or intermediary 'Confused Deputy' issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to use the product as an intermediary for FTP bounce attack...
CVE-2025-25061
CVE-2025-25061 affects JTEKT/HMI ViewJet C-more and HMI GC-A2 series. Description: an unintended proxy/intermediary (Confused Deputy) vulnerability could allow a remote unauthenticated attacker to use the product as an intermediary for an FTP bounce attack. Impact: attacker may misuse the product...
JTEKT ELECTRONICS HMI ViewJet C-more security vulnerability
JTEKT ELECTRONICS HMI ViewJet C-more is a series of human-machine interfaces from JTEKT ELECTRONICS, Japan. A security vulnerability exists in JTEKT ELECTRONICS HMI ViewJet C-more that stems from a proxy issue that could lead to an FTP bounce attack...
Backdoor.Win32.FTP.Lana.01.d Man-In-The-Middle
Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/fc100ff65f676a26293915407adc211cB.txt Media: twitter.com/malvuln Threat: Backdoor.Win32.FTP.Lana.01.d Vulnerability: Port Bounce Scan MITM Description: The malware listens ...
Filezilla FTP server bounce attack
DATA connection IP address is not restricted...
CVE-2007-6741
The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via...
CVE-2007-6741
CVE-2007-6741 affects the pyftpdlib FTP server: the FTPServer.py ftp_PORT function before version 0.2.0 does not block TCP connections to privileged ports when the destination IP matches the connection’s source IP, enabling potential FTP bounce attacks against NATs by remote authenticated users. ...
Multiple FTP clients FTP bounce attack
The passive FTP implementation in multiple clients allows an FTP bounce attack to be used for port scanning...
Kyocera FTP Bounce
Kyocera FTP Server Bounce Attack Version: I've tested this vulnerability to MontaVista Linux 3.0, Professional Edition Linux/ppc 2.4.18mvl30-kmmfp embedded in Kyocera's printer FS-118MFP but I suppose that other Kyocera printers may be vulnerable Vulnerability: FTP Bounce Attack Risk: Critical...
NEC MultiWriter 1700C/7500C FTP server vulnerability
Overview NEC printers contain a vulnerability which allows connection to external FTP servers via the printer's internal FTP server. Although the printer's FTP server can connect to a target FTP server, it cannot send files to a target FTP server. Impact A remote attacker could possibly conduct a...
[Full-disclosure] Canon Multi Function Devices vulnerable to FTP bounce attack
Indiana University Security Advisory: Canon Multi Function Devices vulnerable to FTP bounce attack. Advisory ID: 20080229 Canon MFD FTP bounce attack Advisory revisions: 02-29-2008 0500 UTC 1.0 Initial Public Release Credit/acknowledgement:...