CVE-2026-8328

The ftpcp function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv was patched to replace server-supplied PASV host addresses with the actual peer address getpeername0, ftpcp still calls parse227 directly and passes the raw attacker-controllable IP address and port t...

PSF-2026-24

The ftpcp function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv was patched to replace server-supplied PASV host addresses with the actual peer address getpeername0, ftpcp still calls parse227 directly and passes the raw attacker-controllable IP address and port t...

CVE-2026-41324

basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised server can send an extremely large or never-ending listing response to...

CVE-2026-41324 basic-ftp vulnerable to denial of service via unbounded memory consumption in Client.list()

basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised server can send an extremely large or never-ending listing response to...

CVE-2026-41324

basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised server can send an extremely large or never-ending listing response to...

PT-2026-33810

Summary [email protected] is vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised server can send an extremely large or never-ending listing response to Client.list, causing the client process to...

CVE-2026-39983

Summary: CVE-2026-39983 affects the Node.js FTP client package basic-ftp prior to v5.2.1. The vulnerability arises from FTP command injection via CRLF sequences (\r\n) in file path parameters passed to high-level APIs (cd(), remove(), rename(), uploadFrom(), downloadTo(), list(), removeDir()). Th...

FileZilla 日志信息泄露漏洞

FileZilla is an open-source FTP/SFTP client for the Windows platform, developed by FileZilla. Version 3.40.0 of FileZilla contains a vulnerability related to log information disclosure. This vulnerability stems from a denial-of-service vulnerability in the local search function, which could allow...

SUSE CVE-2026-27699

The basic-ftp FTP client library for Node.js contains a path traversal vulnerability CWE-22 in versions prior to 5.2.0 in the downloadToDir method. A malicious FTP server can send directory listings with filenames containing path traversal sequences ../ that cause files to be written outside the...

UBUNTU-CVE-2026-27699

The basic-ftp FTP client library for Node.js contains a path traversal vulnerability CWE-22 in versions prior to 5.2.0 in the downloadToDir method. A malicious FTP server can send directory listings with filenames containing path traversal sequences ../ that cause files to be written outside the...

MiracleLinux 7 : java-1.7.0-openjdk-1.7.0.161-2.6.12.0.0.1.el7.AXS7 (AXSA:2017-2478:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2478:04 advisory. Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to...

CVE-1999-0914

Buffer overflow in the FTP client in the Debian GNU/Linux netstd package...

CVE-1999-0097

The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters e.g. a pipe character...

CVE-2022-50799

CVE-2022-50799 affects Fetch FTP Client 5.8.2. The vulnerability is a denial-of-service caused by processing long FTP server responses (>2 KB) that can drive 100% CPU usage and potentially crash the application. Multiple connected sources corroborate the issue and describe the impact as networ...

CVE-2018-25143

Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SSH shell with a default 'msshc' user. Attackers can exploit a custom 'ping' command in the NcFTP environment to escape the restricted shell and execute commands with root...

EUVD-2020-30844

Sony IPELA Network Camera 1.82.01 contains a stack buffer overflow vulnerability in the ftpclient.cgi endpoint that allows remote attackers to execute arbitrary code. Attackers can exploit the vulnerability by sending a crafted POST request with oversized data to the FTP client functionality,...

Sony IPELA Network Camera 缓冲区错误漏洞

Sony IPELA Network Camera is a webcam from Sony Japan. A buffer error vulnerability exists in Sony IPELA Network Camera version 1.82.01, which stems from a stack buffer overflow in the ftpclient.cgi endpoint that could lead to remote code execution...

PT-2025-50509

Sony IPELA Network Camera 1.82.01 contains a stack buffer overflow vulnerability in the ftpclient.cgi endpoint that allows remote attackers to execute arbitrary code. Attackers can exploit the vulnerability by sending a crafted POST request with oversized data to the FTP client functionality,...

EUVD-2003-1359

Malware in sbrugna...

EUVD-1999-1318

Malware in sbrugna...