CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2014-125114 – i-Ftp 2.20 Schedule.xml Stack-Based Buffer Overflow
https://notcve.org/view.php?id=CVE-2014-125114
25 Jul 2025 — A stack-based buffer overflow vulnerability exists in i-Ftp version 2.20 due to improper handling of the Time attribute within Schedule.xml. By placing a specially crafted Schedule.xml file in the i-Ftp application directory, a remote attacker can trigger a buffer overflow during scheduled download parsing, potentially leading to arbitrary code execution or a crash. Existe una vulnerabilidad de desbordamiento de búfer en la pila en i-Ftp versión 2.20 debido al manejo incorrecto del atributo Time en Schedule... • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/iftp_schedule_bof.rb • CWE-20: Improper Input Validation CWE-121: Stack-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-28892 – WordPress FTP Sync plugin <= 1.1.6 - CSRF to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2025-28892
11 Mar 2025 — Cross-Site Request Forgery (CSRF) vulnerability in a2rocklobster FTP Sync allows Stored XSS. This issue affects FTP Sync: from n/a through 1.1.6. The FTP Sync – Theme, Media & Plugin Files plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can tr... • https://patchstack.com/database/wordpress/plugin/ftp-sync/vulnerability/wordpress-ftp-sync-plugin-1-1-6-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23793 – WordPress Auto FTP plugin <= 1.0.1 - CSRF to Stored Cross-Site Scripting vulnerability
https://notcve.org/view.php?id=CVE-2025-23793
16 Jan 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Turcu Ciprian Auto FTP allows Stored XSS. This issue affects Auto FTP: from n/a through 1.0.1. The Auto FTP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into ... • https://patchstack.com/database/wordpress/plugin/auto-ftp/vulnerability/wordpress-auto-ftp-plugin-1-0-1-csrf-to-stored-cross-site-scripting-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5052 – Resource consumption vulnerability in Cerberus FTP Enterprise
https://notcve.org/view.php?id=CVE-2024-5052
17 May 2024 — Denial of Service (DoS) vulnerability for Cerberus Enterprise 8.0.10.3 web administration. The vulnerability exists when the web server, default port 10001, attempts to process a large number of incomplete HTTP requests. Vulnerabilidad de denegación de servicio (DoS) para la administración web de Cerberus Enterprise 8.0.10.3. La vulnerabilidad existe cuando el servidor web, puerto predeterminado 10001, intenta procesar una gran cantidad de solicitudes HTTP incompletas. • https://www.incibe.es/en/incibe-cert/notices/aviso/resource-consumption-vulnerability-cerberus-ftp-enterprise • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2024-1017 – Gabriels FTP Server denial of service
https://notcve.org/view.php?id=CVE-2024-1017
29 Jan 2024 — A vulnerability was found in Gabriels FTP Server 1.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument USERNAME leads to denial of service. The attack may be initiated remotely. • https://packetstormsecurity.com/files/176714/Gabriels-FTP-Server-1.2-Denial-Of-Service.html • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0736 – EFS Easy File Sharing FTP Login denial of service
https://notcve.org/view.php?id=CVE-2024-0736
19 Jan 2024 — A vulnerability classified as problematic has been found in EFS Easy File Sharing FTP 3.6. This affects an unknown part of the component Login. The manipulation of the argument password leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://0day.today/exploit/39249 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0732 – PCMan FTP Server STOR Command denial of service
https://notcve.org/view.php?id=CVE-2024-0732
19 Jan 2024 — A vulnerability was found in PCMan FTP Server 2.0.7 and classified as problematic. This issue affects some unknown processing of the component STOR Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://fitoxs.com/vuldb/02-PCMan%20v2.0.7-exploit.txt • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0731 – PCMan FTP Server PUT Command denial of service
https://notcve.org/view.php?id=CVE-2024-0731
19 Jan 2024 — A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as problematic. This vulnerability affects unknown code of the component PUT Command Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://fitoxs.com/vuldb/01-PCMan%20v2.0.7-exploit.txt • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2024-0693 – EFS Easy File Sharing FTP denial of service
https://notcve.org/view.php?id=CVE-2024-0693
18 Jan 2024 — A vulnerability classified as problematic was found in EFS Easy File Sharing FTP 2.0. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://0day.today/exploit/description/39218 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2021-4432 – PCMan FTP Server USER Command denial of service
https://notcve.org/view.php?id=CVE-2021-4432
16 Jan 2024 — A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as problematic. This affects an unknown part of the component USER Command Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. • https://0day.today/exploit/description/36412 • CWE-404: Improper Resource Shutdown or Release •