11 matches found
GHSA-6V7Q-WJVX-W8WG basic-ftp: Incomplete CRLF Injection Protection Allows Arbitrary FTP Command Execution via Credentials and MKD Commands
Summary: basic-ftp's CRLF injection protection added in commit 2ecc8e2 for GHSA-chqc-8p9q-pq6q is incomplete. Two code paths bypass the protectWhitespace control character check: (1) the login method directly concatenates user-supplied credentials into USER/PASS FTP commands without any validation,...
(0Day) Microsoft Windows dir Command Improper Character Neutralization Vulnerability
This vulnerability allows remote attackers to display misleading terminal output on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2025-4844
A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Affected by this vulnerability is an unknown functionality of the component CD Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the publi...
PCMan FTP Server Security Vulnerability
PCMan FTP Server is an open source FTP server software suite from PCMan. PCMan FTP Server suffers from a buffer overflow vulnerability that originates from the MDIR command handler failing to properly validate the length of input data, which can be exploited by an attacker to cause a denial of service...
PCMan FTP Server Security Vulnerability
PCMan FTP Server is a lightweight FTP server software that provides basic file transfer functionality. PCMan FTP Server suffers from a buffer overflow vulnerability that stems from the CD Command Handler component failing to properly validate input data when processing a specific request. An...
PCMan FTP Server Security Vulnerability
PCMan FTP Server is an open source FTP server software suite from PCMan. PCMan FTP Server suffers from a buffer overflow vulnerability that stems from the CDUP Command Handler not checking the input for valid length when processing CDUP commands. No details of the vulnerability are provided at this time...
CVE-2024-51450
IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request...
PT-2024-10548 · Easyftp · Easyftp
Name of the Vulnerable Software and Affected Versions: EasyFTP version 1.7.0.2 Description: A critical issue was found in the MKD Command Handler component, which can be exploited remotely. The manipulation leads to a buffer overflow. Recommendations: For EasyFTP version 1.7.0.2, at the moment,...
Huawei SmartAX MT882 Denial of Service Vulnerability (CNVD-2016-01127)
Huawei SmartAX MT882 is a router product. A denial of service vulnerability in GlobespanVirata ftpd 1.0 in the Huawei SmartAX MT882 device V200R002B022 Arg allows remote users to create directories with longer names using the FTP MKD command, and then cause a denial of service with other commands...
PT-2005-1982 · Mtftpd · Mtftpd
Name of the Vulnerable Software and Affected Versions: mtftpd version 0.0.3 Description: The issue is related to a format string vulnerability in the log_do function in log.c. This vulnerability can be exploited when the statistics option is enabled, allowing remote attackers to execute arbitrary...
Hyperion Ftp Server buffer overflow
Buffer overflow in dir command...