Vulmon
ftp service vulnerabilities and exploits
7.5
CVSSv2
CVE-2020-12047
The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24), when used with a Baxter Spectrum v8.x (model 35700BAX2) in a factory-default wireless configuration, enables an FTP service with hard-coded credentials.
Baxter Sigma Spectrum Infusion System Firmware 8.0
7.5
CVSSv2
CVE-2020-12043
When the Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) is configured for wireless networking, the FTP service operating on the WBM remains operational until the WBM is rebooted.
Baxter Sigma Spectrum Infusion System Firmware 8.0
7.8
CVSSv2
CVE-2020-3254
Multiple vulnerabilities in the Media Gateway Control Protocol (MGCP) inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condit...
Cisco Firepower Threat Defense
Cisco Asa 5505 Firmware 9.10(1.3)
Cisco Asa 5510 Firmware 9.10(1.3)
Cisco Asa 5512-x Firmware 9.10(1.3)
Cisco Asa 5515-x Firmware 9.10(1.3)
Cisco Asa 5520 Firmware 9.10(1.3)
Cisco Asa 5525-x Firmware 9.10(1.3)
Cisco Asa 5540 Firmware 9.10(1.3)
Cisco Asa 5545-x Firmware 9.10(1.3)
Cisco Asa 5550 Firmware 9.10(1.3)
Cisco Asa 5555-x Firmware 9.10(1.3)
Cisco Asa 5580 Firmware 9.10(1.3)
Cisco Asa 5585-x Firmware 9.10(1.3)
Cisco Adaptive Security Appliance Software
1 Article
4.3
CVSSv2
CVE-2020-9488
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1.
Apache Log4j
Oracle Flexcube Private Banking 12.1.0
Oracle Retail Integration Bus 14.1
Oracle Flexcube Private Banking 12.0.0
Oracle Flexcube Core Banking 5.2.0
Oracle Retail Integration Bus 15.0
Oracle Peoplesoft Enterprise Peopletools 8.56
Oracle Weblogic Server 10.3.6.0.0
Oracle Utilities Framework 4.2.0.3.0
Oracle Utilities Framework 4.2.0.2.0
Oracle Utilities Framework 2.2.0.0.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Retail Integration Bus 16.0
Oracle Primavera Unifier 18.8
Oracle Retail Customer Management And Segmentation Foundation 16.0
Oracle Retail Customer Management And Segmentation Foundation 17.0
Oracle Retail Customer Management And Segmentation Foundation 18.0
Oracle Policy Automation Connector For Siebel 10.4.6
Oracle Data Integrator 12.2.1.3.0
Oracle Jd Edwards World Security A9.4
Oracle Financial Services Market Risk Measurement And Management 8.0.6
Oracle Utilities Framework 4.4.0.0.0
3 Github repositories
1 Article
5
CVSSv2
CVE-2019-14309
Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credentials were found to be hardcoded within the printer firmware. This would allow a malicious user to access and read information stored on the shared FTP folders.
Ricoh Sp C250sf Firmware
Ricoh Sp C252sf Firmware
Ricoh Sp C250dn Firmware 1.05
Ricoh Sp C252dn Firmware
5
CVSSv2
CVE-2013-1753
The gzip_decode function in the xmlrpc client library in Python 3.4 and previous versions allows remote malicious users to cause a denial of service (memory consumption) via a crafted HTTP request.
Python Python
3.5
CVSSv2
CVE-2019-19291
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintain log files that store login credentials...
Siemens Sinvr 3 Video Server
Siemens Sinvr 3 Central Control Server
7.5
CVSSv2
CVE-2014-4650
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote malicious users to read script source code or conduct directory traversal attacks and execute unintended code via a crafted char...
Python Python
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 5.0
Redhat Software Collections -
1 EDB exploit
9
CVSSv2
CVE-2020-9273
In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.
Proftpd Proftpd 1.3.7
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Siemens Simatic Net Cp 1545-1 Firmware -
Siemens Simatic Net Cp 1543-1 Firmware
3 Github repositories
5
CVSSv2
CVE-2019-12528
An issue exists in Squid prior to 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.
Squid-cache Squid
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04