Exploit for Unprotected Alternate Channel in Crushftp
CVE-2025-54309 - CrushFTP Unauthenticated Remote Command Exe...
CrushFTP Unprotected Alternate Channel Vulnerability
CrushFTP contains an unprotected alternate channel vulnerability. When the DMZ proxy feature is not used, it mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS...
CVE-2025-54309
CrushFTP 10 before 10.8.5 and 11 before 11.3.423, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025...
PT-2025-30081
Name of the Vulnerable Software and Affected Versions: CrushFTP versions prior to 10.8.5 and 11.3.4_23. Description: CrushFTP is affected by a critical vulnerability that allows remote attackers to gain administrative access via HTTPS when the DMZ proxy feature is not used. This is due to improper...
CVE-2025-54309
CVE-2025-54309 affects CrushFTP 10.x prior to 10.8.5 and 11.x prior to 11.3.4_23. The flaw resides in AS2 validation/HTTP session handling (DMZ proxy handling) that can let remote attackers gain admin access via HTTPS, historically exploited in the wild around July 2025. Multiple public PoCs/expl...
CVE-2025-31161
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account unless a DMZ proxy instance is used, as exploited in the wild in March and April 2025, aka "Unauthenticated HTTPS port access." A race condition exists in the AWS4-HMAC compatible wi...
Format string
Format string vulnerability in ECTrace.dll in the iMailGateway service in the Internet Mail Gateway in OneBridge Server and DMZ Proxy in Sybase OneBridge Mobile Data Suite 5.5 and 5.6 allows remote attackers to execute arbitrary code via format string specifiers in unspecified string fields,...
CVE-2011-2475
Format string vulnerability in ECTrace.dll in the iMailGateway service in the Internet Mail Gateway in OneBridge Server and DMZ Proxy in Sybase OneBridge Mobile Data Suite 5.5 and 5.6 allows remote attackers to execute arbitrary code via format string specifiers in unspecified string fields,...
CVE-2011-2475
CVE-2011-2475 involves a format string vulnerability in ECTrace.dll, used by the iMailGateway service of the Internet Mail Gateway in Sybase OneBridge Mobile Data Suite (versions 5.5 and 5.6). The flaw allows remote attackers to execute arbitrary code through improperly filtered input in authenti...