Lucene search
K

12693 matches found

Imperva Blog
Imperva Blog
added 2025/08/21 3:35 p.m.13 views

Smuggling Requests with Chunked Extensions: A New HTTP Desync Trick

A new HTTP request smuggling technique was recently discovered, where attackers take advantage of inconsistent parsing behaviors between front-end proxy servers and back-end application servers. This attack technique leverages ambiguous request formatting to inject malicious secondary requests th...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/08/21 12:0 a.m.6 views

PT-2025-34303 · Unknown · Seagull Ftp Client

Name of the Vulnerable Software and Affected Versions: Seagull FTP Client version 3.3 build 409 Description: Seagull FTP Client contains a stack-based buffer overflow in its FTP directory listing parser. When the client connects to an FTP server and receives a crafted response to a LIST command...

8.5CVSS7.8AI score0.00476EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/08/21 12:0 a.m.2 views

INFINITT PACS System Manager 代码问题漏洞

INFINITT PACS System Manager is a medical image archiving and transfer system from INFINITT Corporation. A code issue vulnerability exists in INFINITT PACS System Manager that originates from uploading an arbitrary file, which could lead to a system compromise...

6.3CVSS7AI score0.00255EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/21 12:0 a.m.2 views

Gekko Manager FTP Client 安全漏洞

Gekko Manager FTP Client is an FTP client software from Gekko Manager, Inc. A security vulnerability exists in Gekko Manager FTP Client version 0.77 and prior versions, which originates from the FTP directory listing parser not validating the length of filenames, and could lead to a stack buffer...

8.5CVSS7.4AI score0.00476EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/08/21 12:0 a.m.6 views

PT-2025-34306 · Ftppad · Ftppad

Name of the Vulnerable Software and Affected Versions: FTPPad versions prior to 1.3.0 Description: FTPPad contains a stack-based buffer overflow in its FTP directory listing parser. When the client connects to an FTP server and receives a crafted response to a LIST command containing an excessive...

8.4CVSS7.8AI score0.00476EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/08/21 12:0 a.m.6 views

PT-2025-34311 · Sftpclient · Xftp Client

Name of the Vulnerable Software and Affected Versions: Xftp FTP Client versions through 3.0 build 0238 Description: Xftp FTP Client versions up to and including 3.0 build 0238 contain a stack-based buffer overflow vulnerability. This issue is triggered by a maliciously crafted PWD response from a...

9.3CVSS7.8AI score0.00947EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/08/21 12:0 a.m.5 views

Seagull FTP Client 安全漏洞

Seagull FTP Client is an FTP client software from Seagull USA. A security vulnerability exists in Seagull FTP Client v3.3 Build 409 and earlier versions, which stems from the FTP directory listing parser not validating the length of filenames, and could lead to a stack buffer overflow and executi...

8.5CVSS7.3AI score0.00476EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/08/21 12:0 a.m.7 views

PT-2025-34305 · Unknown · Ftp Synchronizer Professional

Name of the Vulnerable Software and Affected Versions: FTP Synchronizer Professional versions prior to 4.0.73.274 Description: A stack-based buffer overflow exists in FTP Synchronizer Professional when the client connects to an FTP server and issues a LIST command. A server response containing an...

8.5CVSS7.6AI score0.00476EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2010-3494

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service daemon outage by...

4.3CVSS5.8AI score0.01582EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/20 8:52 p.m.0 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via malformed HTTP/2 control frames that manipulate the RSTSTREAM process. An attacker can exhaust server resources and disrupt service availability by rapidly sending specially craft...

8.7CVSS7AI score0.01567EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/08/20 8:52 p.m.31 views

Eclipse Jetty affected by MadeYouReset HTTP/2 vulnerability

Technical Details Below is a technical explanation of a newly discovered vulnerability in HTTP/2, which we refer to as “MadeYouReset.” MadeYouReset Vulnerability Summary The MadeYouReset DDoS vulnerability is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frame...

7.7CVSS7.1AI score0.01567EPSS
Exploits0References14Affected Software2
NVD
NVD
added 2025/08/20 4:15 p.m.6 views

CVE-2010-20049

LeapFTP 3.1.x contains a stack-based buffer overflow vulnerability in its FTP client parser. When the client receives a directory listing containing a filename longer than 528 bytes, the application fails to properly bound-check the input and overwrites the Structured Exception Handler SEH chain...

9.3CVSS0.00743EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/08/20 3:43 p.m.7 views

tomcat: Apache Tomcat denial of service

A denial of service flaw was found in Apache Tomcat. An uncontrolled resource consumption vulnerability, where an HTTP/2 client fails to acknowledge the initial settings frame that reduces the maximum permitted concurrent streams, could result in a denial of service...

7.5CVSS7.1AI score0.01898EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/08/20 3:41 p.m.4 views

CVE-2011-10022 SPlayer 3.7 Content-Type Header Buffer Overflow

SPlayer version 3.7 and earlier is vulnerable to a stack-based buffer overflow when processing HTTP responses containing an overly long Content-Type header. The vulnerability occurs due to improper bounds checking on the header value, allowing an attacker to overwrite the Structured Exception...

8.6CVSS8AI score0.00749EPSS
Exploits0References5
CVE
CVE
added 2025/08/20 3:38 p.m.223 views

CVE-2010-20103

ProFTPD 1.3.3c contains a backdoor in its source tarball (Nov 28–Dec 2, 2010) enabling a hidden FTP command trigger that executes arbitrary shell commands as root. This is a remote, unauthenticated escalation. Remediate by upgrading to ProFTPD 1.3.3d or newer (per connected SNYK advisory).

9.8CVSS7.8AI score0.04753EPSS
In wildExploits1References8Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/20 3:38 p.m.5 views

CVE-2010-10014 Odin Secure FTP <= 4.1 Stack Buffer Overflow via LIST Response

Odin Secure FTP = 4.1 is vulnerable to a stack-based buffer overflow when parsing directory listings received in response to an FTP LIST command. A malicious FTP server can send an overly long filename in the directory listing, which overflows a fixed-size stack buffer in the client and overwrite...

8.7CVSS7.8AI score0.00954EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/08/20 3:37 p.m.2 views

tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames

A flaw was found in Apache Tomcat where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream...

7.5CVSS7.1AI score0.03389EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/08/20 3:36 p.m.3 views

tomcat: Apache Tomcat denial of service

A denial of service flaw was found in Apache Tomcat. An uncontrolled resource consumption vulnerability, where an HTTP/2 client fails to acknowledge the initial settings frame that reduces the maximum permitted concurrent streams, could result in a denial of service...

7.5CVSS7.1AI score0.01898EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/08/20 3:36 p.m.2 views

CVE-2010-20049 LeapFTP < 3.1.x Stack Buffer Overflow

LeapFTP 3.1.x contains a stack-based buffer overflow vulnerability in its FTP client parser. When the client receives a directory listing containing a filename longer than 528 bytes, the application fails to properly bound-check the input and overwrites the Structured Exception Handler SEH chain...

9.3CVSS7.7AI score0.00743EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/08/20 3:36 p.m.10 views

CVE-2010-20049 LeapFTP < 3.1.x Stack Buffer Overflow

LeapFTP 3.1.x contains a stack-based buffer overflow vulnerability in its FTP client parser. When the client receives a directory listing containing a filename longer than 528 bytes, the application fails to properly bound-check the input and overwrites the Structured Exception Handler SEH chain...

9.3CVSS0.00743EPSS
Exploits0References5
Rows per page
Query Builder