CVE-2026-32713 PX4 Autopilot MAVLink FTP Session Validation Logic Error Allows Operations on Invalid File Descriptors

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, A logic error in the PX4 Autopilot MAVLink FTP session validation uses incorrect boolean logic && instead of ||, allowing BurstReadFile and WriteFile operations to proceed with invalid sessions or closed file descriptors...

EUVD-2026-12174

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, A logic error in the PX4 Autopilot MAVLink FTP session validation uses incorrect boolean logic && instead of ||, allowing BurstReadFile and WriteFile operations to proceed with invalid sessions or closed file descriptors...

EUVD-2016-2539

Malware in sbrugna...

EUVD-2014-4669

Malware in sbrugna...

EUVD-2014-2159

Malware in sbrugna...

EUVD-2010-2970

Malware in sbrugna...

CVE-2002-2245

ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a digit in response to a STAT command for a filename that contains a carriage return followed by a digit, which can cause firewalls and other intermediary devices to lose proper track of the FTP session...

CVE-1999-0202

The GNU tar command, when used in FTP sessions, may allow an attacker to execute arbitrary commands...

Exploit for CVE-2022-31749

Hook Hook exploits a parameter injection vulnerability in the...

Saia PCDx Credentials Management Errors (CVE-2015-7911)

Saia Burgess PCD1.M0xx0, PCD1.M2xx0, PCD2.M5xx0, PCD3.Mxx60, PCD3.Mxxx0, PCD7.D4xxD, PCD7.D4xxV, PCD7.D4xxWTPF, and PCD7.D4xxxT5F devices before 1.24.50 and PCD3.T665 and PCD3.T666 devices before 1.24.41 have hardcoded credentials, which allows remote attackers to obtain administrative access via...

CVE-2020-10808

Vesta Control Panel VestaCP through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bashlogout to a .bashlogout' substring followed by shell...

Command injection

Vesta Control Panel VestaCP through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bashlogout to a .bashlogout' substring followed by shell...

May 28, 2019—KB4499162 (OS Build 15063.1839)

May 28, 2019—KB4499162 OS Build 15063.1839 Reminder: March 12th and April 9th will be the last two Delta updates for Windows 10, version 1703. Security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change please...

May 21, 2019—KB4497934 (OS Build OS 17763.529)

May 21, 2019—KB4497934 OS Build OS 17763.529 Starting with update KB4497934, we are introducing functionality that allows you to decide when to install a feature update. You control when you get a feature update while simultaneously keeping your devices up to date. Feature updates that are...

Hardcoded credentials

TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardcoded password of kcodeskcodes for the root account, which makes it easier for remote attackers to obtain access via an FTP session...

CVE-2014-8579

TRENDnet TEW-823DRU devices running firmware before 1.00b36 are affected by a hardcoded root password (kcodeskcodes), which enables remote attackers to gain root access via FTP. Affected product: TRENDnet TEW-823DRU router. Root cause: hardcoded credential in firmware. Impact: unauthenticated rem...

CVE-2014-8579

TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardcoded password of kcodeskcodes for the root account, which makes it easier for remote attackers to obtain access via an FTP session...

Design/Logic Flaw

The proxy process on Cisco Web Security Appliance WSA devices through 9.1.0-070 allows remote attackers to cause a denial of service CPU consumption by establishing an FTP session and then improperly terminating the control connection after a file transfer, aka Bug ID CSCuy43468...

CVE-2016-1440

The proxy process on Cisco Web Security Appliance WSA devices through 9.1.0-070 allows remote attackers to cause a denial of service CPU consumption by establishing an FTP session and then improperly terminating the control connection after a file transfer, aka Bug ID CSCuy43468...

CVE-2015-7911

Saia Burgess PCD1.M0xx0, PCD1.M2xx0, PCD2.M5xx0, PCD3.Mxx60, PCD3.Mxxx0, PCD7.D4xxD, PCD7.D4xxV, PCD7.D4xxWTPF, and PCD7.D4xxxT5F devices before 1.24.50 and PCD3.T665 and PCD3.T666 devices before 1.24.41 have hardcoded credentials, which allows remote attackers to obtain administrative access via...