CVE-2026-28778

IDC SFX Series SuperFlex Satellite Receiver (IDC SFX2100) exposes undocumented hardcoded credentials for the xd user, enabling remote FTP access. The xd user’s home directory contains root‑executed binaries and related symlinks (e.g., xdstartstop); an unauthenticated attacker could overwrite file...

CVE-2026-28778

International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials for the xd user account. A remote unauthenticated attacker can log in via FTP using these credentials. Because the xd user has write permissions to their home...

PT-2026-22881

Name of the Vulnerable Software and Affected Versions International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver affected versions not specified Description The IDC SFX Series SuperFlex Satellite Receiver is affected by hardcoded, insecure credentials for the xd user accoun...

CVE-2024-58299

PCMan FTP Server 2.0 has a buffer overflow in the pwd command that allows remote code execution. The flaw is stack-based and can be triggered during FTP login, potentially before authentication, per multiple sources. Affected component: pwd handling in PCMan FTP Server 2.0. Impact: arbitrary code...

CVE-2025-59980

An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" or "anonymous" is configured, that user can...

CVE-2025-59980 Junos OS: When a user with the name ftp or anonymous is configured unauthenticated filesystem access is allowed

An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" or "anonymous" is configured, that user can...

EUVD-2005-3795

Malware in sbrugna...

EUVD-2007-5407

Malware in sbrugna...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Tp-Link Vn020_F3V_Firmware

Critical FTP Server Vulnerability in TP-Link VN020-F3vT Rout...

CVE-2020-25785

An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CFtpProtocol::FtpLogin during the update procedure...

Accfly Wireless Security IR Camera System 720P Software 缓冲区错误漏洞

Accfly Wireless Security IR Camera System 720P Software is an application from Accfly USA for controlling this camera. A buffer overflow vulnerability exists in Accfly Wireless Security IR Camera System 720P Software versions v3.10.73 through v4.15.77, which stems from an unauthenticated...

freeFTP 1.0.8 - Remote Buffer Overflow Exploit

Exploit Title: freeFTP 1.0.8 - Remote Buffer Overflow Author: Chet Manly Software Link: https://download.cnet.com/FreeFTP/3000-21604-10047242.html Version: 1.0.8 CVE: N/A from ftplib import FTP buf = "" buf += "\x89\xe1\xdb\xdf\xd9\x71\xf4\x5e\x56\x59\x49\x49\x49" buf +=...

freeFTP 1.0.8 Remote Buffer Overflow

Exploit Title: freeFTP 1.0.8 - Remote Buffer Overflow Date: 2019-09-01 Author: Chet Manly Software Link: https://download.cnet.com/FreeFTP/3000-21604-10047242.html Version: 1.0.8 CVE: N/A from ftplib import FTP buf = "" buf += "\x89\xe1\xdb\xdf\xd9\x71\xf4\x5e\x56\x59\x49\x49\x49" buf +=...

CVE-2017-10601

A specific device configuration can result in a commit failure condition. When this occurs, a user is logged in without being prompted for a password while trying to login through console, ssh, ftp, telnet or su, etc., This issue relies upon a device configuration precondition to occur. Typically...

FEI news router K1 information disclosure vulnerability

Reference source: FEI news mainstream router K1 loopholes and collect user information FEI news PSG1208K1is Fibonacci Telecommunications Company, the main push of a home router product, we through the analysis of a router firmware find there are a lot of problems. First, we use a firmware analysi...

[Password Sniffer Console] Password Sniffing Tool to capture Email, Web and FTP login passwords

Password Sniffer Console is the all-in-one command-line based Password Sniffing Tool to capture Email, Web and FTP login passwords passing through the network. It automatically detects the login packets on network for various protocols and instantly decodes the passwords. Here is the list of...

Schneider Modicon Quantum Password Recovery

The Schneider Modicon Quantum series of Ethernet cards store usernames and passwords for the system in files that may be retrieved via backdoor access. This module is based on the original 'modiconpass.rb' Basecamp module from DigitalBond. This module requires Metasploit:...

Web commands injection through FTP Login in Synology Disk Station - CVE-2010-2453

Check Point Software Technologies - Vulnerability Discovery Team VDT http://www.checkpoint.com/defense/ Web commands injection through FTP Login in Synology Disk Station CVE-2010-2453 INTRODUCTION Synology Inc develops high-performance, reliable, versatile, and environmentally-friendly Network...

Synology Disk Station Code Execution / Cross Site Request Forgery / Cross Site Scripting

Check Point Software Technologies - Vulnerability Discovery Team VDT http://www.checkpoint.com/defense/ Web commands injection through FTP Login in Synology Disk Station CVE-2010-2453 INTRODUCTION Synology Inc develops high-performance, reliable, versatile, and environmentally-friendly Network...

serv-u8 本地提权漏洞

Su8的管理平台是http的，继承了su7的方式。 抓包，分析，发现了以下路程是可以利用的。 1， 管理员从管理控制台打开web页面时，是不需要验证密码的。 2， 管理员如果用某URL打开web页面时，虽然需要输入密码，但是无论输入什么，都可以进入。“/?Session=39893&Language=zh,CN&LocalAdmin=1” 3， 管理员可以添加用户有两种，一种是全局用户，一种是某个域下的用户。而权限设置也是两种，一种是全局，一种是针对用户。 4， 管理员添加了用户的这个包和设置权限这个包，是分开的。 所以，我可以抓包然后转换成php的socket连接post出去。...