CVE-2020-26299 – File System Bounds Escape
https://notcve.org/view.php?id=CVE-2020-26299
10 Feb 2021 — ftp-srv is an open-source FTP server designed to be simple yet configurable. In ftp-srv before version 4.4.0 there is a path-traversal vulnerability. Clients of FTP servers utilizing ftp-srv hosted on Windows machines can escape the FTP user's defined root folder using the expected FTP commands, for example, CWD and UPDR. When Windows separators (`\`) exist within the path, `path.resolve` leaves the upper pointers intact and allows the user to move beyond the root folder defined for that user. We did not ta... • https://github.com/autovance/ftp-srv/commit/457b859450a37cba10ff3c431eb4aa67771122e3 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2020-15152 – Server-Side Request Forgery in ftp-srv
https://notcve.org/view.php?id=CVE-2020-15152
17 Aug 2020 — ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. ftp-srv versions before 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs, which can be used to cause the server to make a connection elsewhere. A possible workaround is blocking the PORT command through the configuration. This issue is fixed in versions 2.19.6, 3.1.2, and 4.3.4. • https://github.com/ossf-cve-benchmark/CVE-2020-15152 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2019-11383
https://notcve.org/view.php?id=CVE-2019-11383
22 Apr 2019 — An issue was discovered in the Medha WiFi FTP Server application 1.8.3 for Android. An attacker can read the username/password of a valid user via /data/data/com.medhaapps.wififtpserver/shared_prefs/com.medhaapps.wififtpserver_preferences.xml • https://pastebin.com/6uT9jhDR •
CVE-2019-9668 – robinbhandari FTP Remote Denial of Service
https://notcve.org/view.php?id=CVE-2019-9668
12 Mar 2019 — An issue was discovered in rovinbhandari FTP through 2012-03-28. receive_file in file_transfer_functions.c allows remote attackers to cause a denial of service (daemon crash) via a 0xffff datalen field value. robinbhandari FTP suffers from a denial... • https://packetstormsecurity.com/files/152058/robinbhandari-FTP-Remote-Denial-Of-Service.html • CWE-20: Improper Input Validation •
CVE-2018-18861 – PCManFTPD 2.0.7 Server APPE Command Buffer Overflow
https://notcve.org/view.php?id=CVE-2018-18861
05 Nov 2018 — Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execution via the APPE command. • https://packetstorm.news/files/id/150174 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2018-12481
https://notcve.org/view.php?id=CVE-2018-12481
15 Jun 2018 — The Olive Tree Ftp Server application 1.32 for Android has a "Sensitive Data on the Clipboard" vulnerability, as demonstrated by reading the "User password" field with the Drozer post.capture.clipboard module. • https://pastebin.com/sp5nMhvc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-5310 – Media from FTP Plugin < 9.85 - Directory Traversal
https://notcve.org/view.php?id=CVE-2018-5310
09 Jan 2018 — In the "Media from FTP" plugin before 9.85 for WordPress, Directory Traversal exists via the searchdir parameter to the wp-admin/admin.php?page=mediafromftp-search-register URI. The Media from FTP Plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 9.84 via the searchd... • https://github.com/d4wner/Vulnerabilities-Report/blob/master/media-from-ftp.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2015-7601 – PCMan FTP Server 2.0.7 - Directory Traversal
https://notcve.org/view.php?id=CVE-2015-7601
29 Sep 2015 — Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..// (dot dot double slash) in a RETR command. • https://packetstorm.news/files/id/181001 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2013-4730 – PCMan FTP Server 2.0 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-4730
28 Jun 2013 — Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command. • https://packetstorm.news/files/id/122204 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-4095
https://notcve.org/view.php?id=CVE-2010-4095
26 Oct 2010 — Directory traversal vulnerability in the FTP client in Serengeti Systems Incorporated Robo-FTP 3.7.3, and probably other versions before 3.7.5, allows remote FTP servers to write arbitrary files via a .. (dot dot) in a filename in a server response. • http://kb.robo-ftp.com/change_log/show/77 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •