12693 matches found
Smuggling Requests with Chunked Extensions: A New HTTP Desync Trick
A new HTTP request smuggling technique was recently discovered, where attackers take advantage of inconsistent parsing behaviors between front-end proxy servers and back-end application servers. This attack technique leverages ambiguous request formatting to inject malicious secondary requests th...
PT-2025-34303 · Unknown · Seagull Ftp Client
Name of the Vulnerable Software and Affected Versions: Seagull FTP Client version 3.3 build 409 Description: Seagull FTP Client contains a stack-based buffer overflow in its FTP directory listing parser. When the client connects to an FTP server and receives a crafted response to a LIST command...
INFINITT PACS System Manager 代码问题漏洞
INFINITT PACS System Manager is a medical image archiving and transfer system from INFINITT Corporation. A code issue vulnerability exists in INFINITT PACS System Manager that originates from uploading an arbitrary file, which could lead to a system compromise...
Gekko Manager FTP Client 安全漏洞
Gekko Manager FTP Client is an FTP client software from Gekko Manager, Inc. A security vulnerability exists in Gekko Manager FTP Client version 0.77 and prior versions, which originates from the FTP directory listing parser not validating the length of filenames, and could lead to a stack buffer...
PT-2025-34306 · Ftppad · Ftppad
Name of the Vulnerable Software and Affected Versions: FTPPad versions prior to 1.3.0 Description: FTPPad contains a stack-based buffer overflow in its FTP directory listing parser. When the client connects to an FTP server and receives a crafted response to a LIST command containing an excessive...
PT-2025-34311 · Sftpclient · Xftp Client
Name of the Vulnerable Software and Affected Versions: Xftp FTP Client versions through 3.0 build 0238 Description: Xftp FTP Client versions up to and including 3.0 build 0238 contain a stack-based buffer overflow vulnerability. This issue is triggered by a maliciously crafted PWD response from a...
Seagull FTP Client 安全漏洞
Seagull FTP Client is an FTP client software from Seagull USA. A security vulnerability exists in Seagull FTP Client v3.3 Build 409 and earlier versions, which stems from the FTP directory listing parser not validating the length of filenames, and could lead to a stack buffer overflow and executi...
PT-2025-34305 · Unknown · Ftp Synchronizer Professional
Name of the Vulnerable Software and Affected Versions: FTP Synchronizer Professional versions prior to 4.0.73.274 Description: A stack-based buffer overflow exists in FTP Synchronizer Professional when the client connects to an FTP server and issues a LIST command. A server response containing an...
Linux Distros Unpatched Vulnerability : CVE-2010-3494
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service daemon outage by...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via malformed HTTP/2 control frames that manipulate the RSTSTREAM process. An attacker can exhaust server resources and disrupt service availability by rapidly sending specially craft...
Eclipse Jetty affected by MadeYouReset HTTP/2 vulnerability
Technical Details Below is a technical explanation of a newly discovered vulnerability in HTTP/2, which we refer to as “MadeYouReset.” MadeYouReset Vulnerability Summary The MadeYouReset DDoS vulnerability is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frame...
CVE-2010-20049
LeapFTP 3.1.x contains a stack-based buffer overflow vulnerability in its FTP client parser. When the client receives a directory listing containing a filename longer than 528 bytes, the application fails to properly bound-check the input and overwrites the Structured Exception Handler SEH chain...
tomcat: Apache Tomcat denial of service
A denial of service flaw was found in Apache Tomcat. An uncontrolled resource consumption vulnerability, where an HTTP/2 client fails to acknowledge the initial settings frame that reduces the maximum permitted concurrent streams, could result in a denial of service...
CVE-2011-10022 SPlayer 3.7 Content-Type Header Buffer Overflow
SPlayer version 3.7 and earlier is vulnerable to a stack-based buffer overflow when processing HTTP responses containing an overly long Content-Type header. The vulnerability occurs due to improper bounds checking on the header value, allowing an attacker to overwrite the Structured Exception...
CVE-2010-20103
ProFTPD 1.3.3c contains a backdoor in its source tarball (Nov 28–Dec 2, 2010) enabling a hidden FTP command trigger that executes arbitrary shell commands as root. This is a remote, unauthenticated escalation. Remediate by upgrading to ProFTPD 1.3.3d or newer (per connected SNYK advisory).
CVE-2010-10014 Odin Secure FTP <= 4.1 Stack Buffer Overflow via LIST Response
Odin Secure FTP = 4.1 is vulnerable to a stack-based buffer overflow when parsing directory listings received in response to an FTP LIST command. A malicious FTP server can send an overly long filename in the directory listing, which overflows a fixed-size stack buffer in the client and overwrite...
tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames
A flaw was found in Apache Tomcat where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream...
tomcat: Apache Tomcat denial of service
A denial of service flaw was found in Apache Tomcat. An uncontrolled resource consumption vulnerability, where an HTTP/2 client fails to acknowledge the initial settings frame that reduces the maximum permitted concurrent streams, could result in a denial of service...
CVE-2010-20049 LeapFTP < 3.1.x Stack Buffer Overflow
LeapFTP 3.1.x contains a stack-based buffer overflow vulnerability in its FTP client parser. When the client receives a directory listing containing a filename longer than 528 bytes, the application fails to properly bound-check the input and overwrites the Structured Exception Handler SEH chain...
CVE-2010-20049 LeapFTP < 3.1.x Stack Buffer Overflow
LeapFTP 3.1.x contains a stack-based buffer overflow vulnerability in its FTP client parser. When the client receives a directory listing containing a filename longer than 528 bytes, the application fails to properly bound-check the input and overwrites the Structured Exception Handler SEH chain...