15 matches found
UBUNTU-CVE-2026-48858
Server-Side Request Forgery SSRF vulnerability in Erlang/OTP ftp ftpinternal module allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The ftpinternal:handlectrlresult/2 PASV handler mode=passive, ipfamily=inet, ftpextension=false extracts the IP address from the...
ROOT-APP-NPM-GHSA-RP42-5VXX-QPWR GHSA-rp42-5vxx-qpwr in @rootio/basic-ftp - Patched by Root
Root has patched GHSA-rp42-5vxx-qpwr in the @rootio/basic-ftp package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44240 CVE-2026-44240 in @rootio/basic-ftp - Patched by Root
Root has patched CVE-2026-44240 in the @rootio/basic-ftp package for Root:npm. Multiple fixed versions available...
Linux Distros Unpatched Vulnerability : CVE-2026-8328
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ftpcp function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv was patched to replace server-supplied PASV host addresses with...
CVE-2026-8328
The ftpcp function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv was patched to replace server-supplied PASV host addresses with the actual peer address getpeername0, ftpcp still calls parse227 directly and passes the raw attacker-controllable IP address and port t...
CVE-2026-8328
The ftpcp function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv was patched to replace server-supplied PASV host addresses with the actual peer address getpeername0, ftpcp still calls parse227 directly and passes the raw attacker-controllable IP address and port t...
PSF-0000-CVE-2026-8328
The ftpcp function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv was patched to replace server-supplied PASV host addresses with the actual peer address getpeername0, ftpcp still calls parse227 directly and passes the raw attacker-controllable IP address and port t...
UBUNTU-CVE-2026-44240
basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious or compromised FTP server can send an unterminated multiline response during the initial FTP banner phase, before...
Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2026-27699)
Summary There are vulnerabilities in basic-ftp-5.0.3.tgz, basic-ftp-5.0.5.tgz used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-27699. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-27699 DESCRIPTION: The basic-ftp FTP client library for Node.js...
CLSA-2022-1649348075 Fix CVE(s): CVE-2021-4189
SECURITY UPDATE: Expose sensitive information - debian/patches/CVE-2021-4189.patch: alters ftplib.FTP class behavior to not trust the IPv4 address sent from the remote server when setting up a passive data channel in resposne in Lib/ftplib.py, Lib/test/testftplib.py. - CVE-2021-4189...
CLSA-2022-1649170553 Fix CVE(s): CVE-2021-4189
SECURITY UPDATE: Expose sensitive information - debian/patches/CVE-2021-4189.patch: alters ftplib.FTP class behavior to not trust the IPv4 address sent from the remote server when setting up a passive data channel in resposne in Lib/ftplib.py, Lib/test/testftplib.py. - CVE-2021-4189...
The vulnerability in the implementation of the Net::FTP class in the Ruby interpreter allows a hacker to gain unauthorized access to protected information.
The vulnerability in the implementation of the Net::FTP class in Ruby is related to deficiencies in protecting service data using the PASV command. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
UBUNTU-CVE-2013-1752
Rejected reason: Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service memory consumption via a long string, related to 1 httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; 2 ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; 3 imaplib - not y...
Tandberg MXP F7.0 - USER Remote Buffer Overflow (PoC)
Tandberg MXP F7.0 - USER Remote Buffer Overflow PoC TANDBERG BoF v0.1 - Tandberg MXP F7.0 Buffer Overflow Vulnerability PoC By otokoyama + We crash the process FtpCt00 by sending a 251 char string of /x20 commonly known as a blank space.very simple + The BOF happens due to the system passing all...
HP Tru64 4.05.1 - POSIX Threads Library Privilege Escalation
HP Tru64 4.05.1 - POSIX Threads Library Privilege Escalation source: https://www.securityfocus.com/bid/21035/info HP Tru64 is prone to a local privilege-escalation vulnerability. Exploiting this issue allows local attackers to execute arbitrary code with superuser privileges. Successful exploits...