
CVE-2025-3372 – PCMan FTP Server MKDIR Command buffer overflow
https://notcve.org/view.php?id=CVE-2025-3372
07 Apr 2025 — A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component MKDIR Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://fitoxs.com/exploit/01-exploit.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2025-3371 – PCMan FTP Server DELETE Command buffer overflow
https://notcve.org/view.php?id=CVE-2025-3371
07 Apr 2025 — A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component DELETE Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://fitoxs.com/exploit/exploit1.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2025-3349 – PCMan FTP Server SYST Command buffer overflow
https://notcve.org/view.php?id=CVE-2025-3349
07 Apr 2025 — A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component SYST Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.303563 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2024-0732 – PCMan FTP Server STOR Command denial of service
https://notcve.org/view.php?id=CVE-2024-0732
19 Jan 2024 — A vulnerability was found in PCMan FTP Server 2.0.7 and classified as problematic. This issue affects some unknown processing of the component STOR Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://fitoxs.com/vuldb/02-PCMan%20v2.0.7-exploit.txt • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-404: Improper Resource Shutdown or Release •

CVE-2024-0731 – PCMan FTP Server PUT Command denial of service
https://notcve.org/view.php?id=CVE-2024-0731
19 Jan 2024 — A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as problematic. This vulnerability affects unknown code of the component PUT Command Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://fitoxs.com/vuldb/01-PCMan%20v2.0.7-exploit.txt • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-404: Improper Resource Shutdown or Release •

CVE-2021-4432 – PCMan FTP Server USER Command denial of service
https://notcve.org/view.php?id=CVE-2021-4432
16 Jan 2024 — A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as problematic. This affects an unknown part of the component USER Command Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. • https://0day.today/exploit/description/36412 • CWE-404: Improper Resource Shutdown or Release •

CVE-2019-25046 – Cerberus FTP Web Service 11 - 'svg' Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2019-25046
10 Jun 2021 — The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11.x before 11.0.4 allows XSS via an SVG document. • https://www.exploit-db.com/exploits/49981 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2018-18861 – PCManFTPD 2.0.7 Server APPE Command Buffer Overflow
https://notcve.org/view.php?id=CVE-2018-18861
05 Nov 2018 — Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execution via the APPE command. • https://packetstorm.news/files/id/150174 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2016-9499 – The Accellion FTP server prior to version FTA_9_12_220 is vulnerable to cross-site scripting.
https://notcve.org/view.php?id=CVE-2016-9499
13 Jul 2018 — Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them. • https://www.kb.cert.org/vuls/id/745607 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-204: Observable Response Discrepancy •

CVE-2016-9500 – The Accellion FTP server prior to version FTA_9_12_220 is vulnerable to information exposure
https://notcve.org/view.php?id=CVE-2016-9500
13 Jul 2018 — Accellion FTP server prior to version FTA_9_12_220 uses the Accusoft Prizm Content flash component, which contains multiple parameters (customTabCategoryName, customButton1Image) that are vulnerable to cross-site scripting. • https://www.kb.cert.org/vuls/id/745607 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •