156 matches found
CVE-2026-39983
Summary: CVE-2026-39983 affects the Node.js FTP client package basic-ftp prior to v5.2.1. The vulnerability arises from FTP command injection via CRLF sequences (\r\n) in file path parameters passed to high-level APIs (cd(), remove(), rename(), uploadFrom(), downloadTo(), list(), removeDir()). Th...
basic-ftp has FTP Command Injection via CRLF
Summary: basic-ftp version 5.2.0 allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handles leading spaces and returns other...
CVE-2009-4769
Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users t...
CVE-2021-41636
MELAG FTP Server 2.2.0.4 allows an attacker to use the CWD command to break out of the FTP server's root directory and operate on the entire operating system, while the access restrictions of the user running the FTP server apply...
CVE-1999-0349
A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands...
EUVD-2004-2359
Malware in sbrugna...
EUVD-2013-0487
Malware in sbrugna...
EUVD-1999-0082
Malware in sbrugna...
EUVD-2009-3630
Malware in sbrugna...
EUVD-2010-0027
Malware in sbrugna...
EUVD-2007-6115
Malware in sbrugna...
EUVD-2004-1635
Malware in sbrugna...
EUVD-2007-2502
Malware in sbrugna...
EUVD-2007-2398
Malware in sbrugna...
EUVD-1999-0824
Malware in sbrugna...
EUVD-2005-1875
Malware in sbrugna...
EUVD-2007-1725
Malware in sbrugna...
EUVD-2007-0428
Malware in sbrugna...
EUVD-2024-50789
Malicious code in bioql PyPI...
Hidden Functionality
Overview: Affected versions of this package are vulnerable to Hidden Functionality via a hidden FTP command trigger in the process. An attacker can execute arbitrary shell commands with root privileges by sending a specially crafted FTP command. Remediation: Upgrade proftpd/proftpd to version 1.3.3...