
CVSS: 9.1 • EPSS: 0% • CPEs: 3 • EXPL: 1

ftp-srv is an npm package that provides a modern and extensible FTP server designed to be simple yet configurable. ftp-srv versions before 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command accepts arbitrary IP addresses, which can be used to make the server open a connection elsewhere. A possible workaround is blocking the PORT command through the configuration. This issue is fixed in versions 2.19.6, 3.1.2, and 4.3.4. • https://github.com/ossf-cve-benchmark/CVE-2020-15152 https://github.com/autovance/ftp-srv/commit/e449e75219d918c400dec65b4b0759f60476abca https://github.com/autovance/ftp-srv/security/advisories/GHSA-jw37-5gqr-cf9j https://www.npmjs.com/package/ftp-srv • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

An issue was discovered in the Medha WiFi FTP Server application 1.8.3 for Android. An attacker can read the username/password of a valid user via /data/data/com.medhaapps.wififtpserver/shared_prefs/com.medhaapps.wififtpserver_preferences.xml • https://pastebin.com/6uT9jhDR •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

An issue was discovered in rovinbhandari FTP through 2012-03-28. receive_file in file_transfer_functions.c allows remote attackers to cause a denial of service (daemon crash) via a 0xffff datalen field value. • https://packetstormsecurity.com/files/152058/robinbhandari-FTP-Remote-Denial-Of-Service.html • CWE-20: Improper Input Validation •

CVSS: 9.8 • EPSS: 3% • CPEs: 1 • EXPL: 1

Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execution via the APPE command. • http://packetstormsecurity.com/files/150174/PCManFTPD-2.0.7-Server-APPE-Command-Buffer-Overflow.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

The Olive Tree Ftp Server application 1.32 for Android has a "Sensitive Data on the Clipboard" vulnerability, as demonstrated by reading the "User password" field with the Drozer post.capture.clipboard module. • https://pastebin.com/sp5nMhvc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •