72 matches found
EUVD-2017-15926
Malware in sbrugna...
EUVD-2015-3999
Malware in sbrugna...
The vulnerability of the SolarWinds Serv-U File Server file server arises from incorrect path name restrictions for the restricted access directory, allowing a hacker to execute arbitrary code.
The vulnerability of the SolarWinds Serv-U File Server file server is related to an incorrect limitation on the path name for the restricted access directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by connecting to port 21...
Janitza UMG Power Quality Measuring Credentials Management Errors (CVE-2015-3968)
The FTP service on Janitza UMG 508, 509, 511, 604, and 605 devices has a default password, which makes it easier for remote attackers to read or write to files via a session on TCP port 21. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Schneider Electric Web Server on Modicon M340 Out-of-Bounds Write (CVE-2020-7563)
A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules see notification for details which could cause corruption of data, a crash, or code execution when uploading a specially crafted...
Backdoor.Win32.FTP.Matiteman Weak Hardcoded Password
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/fc8eaa2a5752b509dbd02989d8d9f2e2.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.FTP.Matiteman Vulnerability: Weak Hardcoded Password Description: The malware listens...
Backdoor.Win32.Delf.um Authentication Bypass / Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/d5256768a01a0e7c2ad5ba1264777f71.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Delf.um Vulnerability: Authentication Bypass RCE Description: The malware runs an FTP...
Backdoor.Win32.NerTe.a Authentication Bypass / Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/125364b0cdae80c10f00b75c8e2cfa47.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.NerTe.a Vulnerability: Authentication Bypass RCE Description: The malware listens on...
Backdoor.Win32.Pazus.18 Authentication Bypass / Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/5be13eb16018ab69157f8c8e96e7d6bf.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Pazus.18 Vulnerability: Authentication Bypass RCE Description: Pazus malware listens ...
Backdoor.Win32.Delf.zho Authentication Bypass / Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/6b9f5a0512af3ab33c26eaa4bdf94f1f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Delf.zho Vulnerability: Authentication Bypass RCE Description: The malware listens on...
Backdoor.Win32.MotivFTP.12 Authentication Bypass / Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/88785a093b8fa00893214dd220ac255d.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.MotivFTP.12 Vulnerability: Authentication Bypass RCE Description: The malware listens...
glFTPd 2.11a - Remote Denial of Service Exploit
Exploit Title: glFTPd 2.11a - Remote Denial of Service Exploit Author: xynmaps Vendor Homepage: https://glftpd.io/ Software Link: https://glftpd.io/files/glftpd-LNX-2.11a1.1.1kx64.tgz Version: 2.11a Tested on: Parrot Security OS 5.9.0 ------------------------------- encoding=utf8 author =...
glFTPd 2.11a - Remote Denial of Service
Exploit Title: glFTPd 2.11a - Remote Denial of Service Date: 15/05/2021 Exploit Author: xynmaps Vendor Homepage: https://glftpd.io/ Software Link: https://glftpd.io/files/glftpd-LNX-2.11a1.1.1kx64.tgz Version: 2.11a Tested on: Parrot Security OS 5.9.0 ------------------------------- encoding=utf8...
CVE-2020-10288
IRC5 exposes an ftp server port 21. Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn't empty it will be accepted...
Siemens SIMATIC CP 1543-1
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC CP 1543-1 Vulnerabilities: Improper Access Control, Loop with Unreachable Exit Condition 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...
Windows Firewall Denial of Service Vulnerability
A denial of service vulnerability exists when Windows improperly handles File Transfer Protocol FTP connections. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit the vulnerability, an unauthenticated attacker could send specially...
Design/Logic Flaw
A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to exhaust all available CPU and all available RAM by sending a crafted FTP request on port 21 that begins with many '\0' characters, preventing the affected router from accepting new FTP connections. The...
CVE-2018-10070
A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to exhaust all available CPU and all available RAM by sending a crafted FTP request on port 21 that begins with many '\0' characters, preventing the affected router from accepting new FTP connections. The...
CVE-2018-10070
A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to exhaust all available CPU and all available RAM by sending a crafted FTP request on port 21 that begins with many '\0' characters, preventing the affected router from accepting new FTP connections. The...
MikroTik 6.41.4 - FTP daemon Denial of Service PoC
MikroTik 6.41.4 - FTP daemon Denial of Service PoC Title: MikroTik 6.41.4 Denial of service FTP daemon crash CVE: CVE-2018-10070 CWE: CWE-400 Exploit Author: Hosein Askari FarazPajohan Vendor HomePage: https://mikrotik.com/ Version : 6.41.4 Released 2018-Apr-05 | All Version Date: 13-05-2018...