Lucene search

22 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 7 views

Astra Linux - vulnerability in python2.7, python3.7

A flaw was discovered in Python, specifically in the FTP (File Transfer Protocol) client library when operating in PASV (passive) mode. The issue arises from how the FTP client defaults to trusting the host based on the PASV response. This flaw allows an attacker to create a malicious FTP server that...

5.3 CVSS, 6.8 AI score, 0.02387 EPSS
Exploits: 0, References: 2

Cvelist
added 2026/04/09 5:5 p.m., 15 views

CVE-2026-39983 FTP Command Injection via CRLF in basic-ftp

basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences (`\r\n`) in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handle...

8.6 CVSS, 0.01945 EPSS
Exploits: 1, References: 3

Vulnrichment
added 2026/02/18 9:55 p.m., 4 views

CVE-2019-25361 Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow

Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST command handling that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted SYST command with oversized payload to trigger a buffer overflow and execute a bind shell on port 5150...

9.8 CVSS, 6.5 AI score, 0.00638 EPSS
Exploits: 0, References: 3

CNNVD
added 2025/12/30 12:0 a.m., 2 views

Fetch security vulnerability

Fetch is an FTP file transfer client from Fetch USA. A security vulnerability exists in Fetch version 5.8.2, which stems from consuming 100% CPU while processing an extremely long server response, which may result in a denial of service...

7.5 CVSS, 6.7 AI score, 0.00358 EPSS
Exploits: 1, References: 4

Positive Technologies
added 2025/12/24 12:0 a.m., 3 views

PT-2025-53363

Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SSH shell with a default 'msshc' user. Attackers can exploit a custom 'ping' command in the NcFTP environment to escape the restricted shell and execute commands with root...

8.8 CVSS, 7.3 AI score, 0.00516 EPSS
Exploits: 2, References: 4

Redos
added 2025/12/16 12:0 a.m., 1 view

ROS-20251216-7307

A vulnerability in the FTP Client component of the Apache Commons Net library is related to the use of open redirection with insufficient input data validation during PASV response processing. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected...

6.5 CVSS, 7 AI score, 0.01858 EPSS
Exploits: 0

Vulnrichment
added 2025/12/10 8:48 p.m., 2 views

CVE-2020-36885 Sony IPELA Network Camera 1.82.01 Remote Stack Buffer Overflow via ftpclient.cgi

Sony IPELA Network Camera 1.82.01 contains a stack buffer overflow vulnerability in the ftpclient.cgi endpoint that allows remote attackers to execute arbitrary code. Attackers can exploit the vulnerability by sending a crafted POST request with oversized data to the FTP client functionality,...

9.3 CVSS, 8.4 AI score, 0.01035 EPSS
Exploits: 1, References: 5

RedhatCVE
added 2025/08/23 8:13 p.m., 5 views

CVE-2010-20034

Gekko Manager FTP Client = 0.77 contains a stack-based buffer overflow in its FTP directory listing parser. When processing a server response to a LIST command, the client fails to properly validate the length of filenames. A crafted response containing an overly long filename can overwrite the...

8.5 CVSS, 8.2 AI score, 0.00476 EPSS
Exploits: 0, References: 1

OSV
added 2023/04/28 10:19 a.m., 3 views

USN-6037-1 Apache Commons Net vulnerability

ZeddYu Lu discovered that the FTP client from Apache Commons Net trusted the host from PASV responses by default. A remote attacker with a malicious FTP server could redirect the client to another server, which could possibly result in leaked information about services running on the private...

6.5 CVSS, 6.8 AI score, 0.01858 EPSS
Exploits: 0, References: 2

CVE
added 2020/06/30 7:40 p.m., 47 views

CVE-2020-9413

CVE-2020-9413 affects TIBCO Managed File Transfer Command Center (CC) and Internet Server (IS) up to version 8.2.1 and earlier. The vulnerability resides in the MFT Browser file transfer and MFT Browser admin client components, allowing an attacker to craft a URL that, when visited by an authenti...

9.6 CVSS, 8.1 AI score, 0.01348 EPSS
Exploits: 0, References: 1, Affected Software: 2

CNVD
added 2020/04/01 12:0 a.m., 1 view

FlashFXP Local Denial of Service Vulnerability

FlashFXP is a popular FTP client program. FlashFXP suffers from a local denial of service vulnerability. An attacker can exploit the vulnerability to cause a denial of service attack...

6.5 AI score
Exploits: 0, References: 1

CNVD
added 2019/09/10 12:0 a.m., 1 view

Core FTP Buffer Overflow Vulnerability (CNVD-2019-30906)

Core FTP is a set of free FTP client software from the Core FTP community. The software supports file uploads, downloads, renewals and more. Core FTP suffers from a buffer overflow vulnerability that can be exploited by an attacker to cause a denial of service...

7.2 AI score
Exploits: 0, References: 1

RedHat Linux
added 2017/11/28 8:40 p.m., 1 view

OpenJDK: no default network operations timeouts in FtpClient (Networking, 8181612)

It was found that the FtpClient implementation in the Networking component of OpenJDK did not set connect and read timeouts by default. A malicious FTP server or a man-in-the-middle attacker could use this flaw to block execution of a Java application connecting to an FTP server...

5.3 CVSS, 7.4 AI score, 0.16181 EPSS
Exploits: 2, References: 4

CNVD
added 2017/10/25 12:0 a.m., 2 views

Ayukov NFTPD Buffer Overflow Vulnerability

Ayukov NFTPD is a file transfer protocol client. A buffer overflow vulnerability exists in Ayukov NFTPD 2.0 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary code...

9.8 CVSS, 7.9 AI score, 0.60328 EPSS
Exploits: 16, References: 1

RedHat Linux
added 2017/10/23 7:44 a.m., 3 views

OpenJDK: no default network operations timeouts in FtpClient (Networking, 8181612)

It was found that the FtpClient implementation in the Networking component of OpenJDK did not set connect and read timeouts by default. A malicious FTP server or a man-in-the-middle attacker could use this flaw to block execution of a Java application connecting to an FTP server...

5.3 CVSS, 7.4 AI score, 0.16181 EPSS
Exploits: 2, References: 4

RedHat Linux
added 2017/05/09 10:46 a.m., 4 views

OpenJDK: newline injection in the FTP client (Networking, 8170222)

A newline injection flaw was discovered in the FTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate FTP connections established by a Java application...

4.3 CVSS, 7.4 AI score, 0.0258 EPSS
Exploits: 0, References: 5

CNVD
added 2016/12/01 12:0 a.m., 1 view

Core FTP LE- 'SSH/SFTP' Remote Buffer Overflow Vulnerability

Core FTP LE is a free FTP client. Core FTP LE- 'SSH/SFTP' suffers from a remote buffer overflow vulnerability when connecting to a malicious server using the SSH/SFTP protocol. It allows remote attackers to exploit the vulnerability to execute arbitrary code or launch a denial of service attack...

8.2 AI score
Exploits: 0, References: 1

CNVD
added 2015/06/11 12:0 a.m., 1 view

Jildi FTP Client Local Buffer Overflow Vulnerability

Jildi FTP Client is a set of FTP client programs that run on Windows systems. A local buffer overflow vulnerability exists in Jildi FTP Client that could be exploited by an attacker to crash the application or execute arbitrary code...

7.5 AI score
Exploits: 0, References: 1

CNVD
added 2015/03/20 12:0 a.m., 1 view

LFTP Man-in-the-Middle Information Disclosure Vulnerability

LFTP is a multi-platform, command-line FTP client that supports ftp, ftps, http, https, hftp, etc. LFTP suffers from a man-in-the-middle information disclosure vulnerability, which allows attackers to conduct man-in-the-middle attacks and obtain sensitiv...

6.4 AI score
Exploits: 0, References: 1

CNVD
added 2015/01/22 12:0 a.m., 2 views

Attachmate Reflection FTP Client Stack Buffer Overflow Vulnerability

Attachmate Reflection is a Unix terminal emulation software. A stack buffer overflow vulnerability exists in the Attachmate Reflection FTP client, which allows an attacker to exploit the vulnerability to execute arbitrary code within the context of the application...

6.8 CVSS, 8.1 AI score, 0.02842 EPSS
Exploits: 0, References: 1