CVE-2025-3349

A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component SYST Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Publication date: Mon, 07 Apr 2025 11:00:00 +0000

Cyber News related to CVE-2025-3349

CVE-2025-3349 - A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component SYST Command Handler. The manipulation leads to buffer overflow. The attack may be initiated ...
2 months ago

CVE-2007-3441 - Format string vulnerability in the Aastra 9112i SIP Phone with firmware 1.4.0.1048 and boot version 1.1.0.10 allows remote attackers to cause a denial of service (blocked call reception and slow calling) via format string specifiers in an SDP header ...
7 years ago

CVE-2008-3349 - Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on NetApp and IBM eServer platforms, allow remote attackers to execute arbitrary commands, cause a denial of service (system crash), or obtain sensitive information, probably related ...
7 years ago

CVE-2010-3349 - Ardour 2.8.11 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. ...
14 years ago

CVE-2005-3349 - GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file. ...
13 years ago

CVE-2013-3349 - Unspecified vulnerability in Adobe ColdFusion 9.0 through 9.0.2, when the JRun application server is used, allows remote attackers to cause a denial of service via unknown vectors. ...
11 years ago

CVE-2015-3349 - Multiple cross-site request forgery (CSRF) vulnerabilities in the Htaccess module before 7.x-2.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) deploy or (2) delete an .htaccess file via ...
8 years ago

CVE-2007-3349 - The Aastra 9112i SIP Phone with firmware 1.4.0.1048 and boot version 1.1.0.10 allows remote attackers to (1) cause a denial of service (device freeze) via a malformed SIP message of a certain length or (2) cause a denial of service (continuous ring) ...
7 years ago

CVE-2014-3349 - Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not validate file types during the handling of file submission, which allows remote authenticated users to upload arbitrary files via a crafted request, aka Bug ID CSCuh87410. ...
7 years ago

CVE-2009-3349 - SQL injection vulnerability in Datavore Gyro 5.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a cat action to the home component. ...
7 years ago

CVE-2016-3349 - The kernel-mode drivers in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." ...
6 years ago

CVE-2006-3349 - Multiple SQL injection vulnerabilities in SmS Script allow remote attackers to execute arbitrary SQL commands via the CatID parameter in (1) cat.php and (2) add.php. ...
6 years ago

CVE-2011-3349 - lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation. ...
5 years ago

CVE-2020-3349 - Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected ...
4 years ago

CVE-2021-3349 - ** DISPUTED ** GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute ...
4 years ago

CVE-2020-0583 - Improper access control in the subsystem for Intel(R) Smart Sound Technology may allow an authenticated user to potentially enable escalation of privilege via local access. This affects Intel® Smart Sound Technology before versions: 10th Generation ...
3 years ago

CVE-2017-3349 - Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows ...
5 years ago

CVE-2022-3349 - A vulnerability was found in Sony PS4 and PS5. It has been classified as critical. This affects the function UVFAT_readupcasetable of the component exFAT Handler. The manipulation of the argument dataLength leads to heap-based buffer overflow. It is ...
2 years ago

CVE-2023-3349 - Information exposure vulnerability in IBERMATICA RPS 2019, which exploitation could allow an unauthenticated user to retrieve sensitive information, such as usernames, IP addresses or SQL queries sent to the application. By accessing the URL ...
1 year ago

CVE-2024-3349 - A vulnerability classified as critical was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/login.php. The manipulation of the argument email leads ...
1 year ago Tenable.com

CISA Releases Thirteen Industrial Control Systems Focusing Vulnerabilities & Exploits - An improper output neutralization for logs vulnerability CVE-2024-5594 in Siemens SINEMA Remote Connect Server. It allows a malicious OpenVPN peer to send garbage to the OpenVPN log or cause high CPU load. The advisory includes missing ...
3 months ago Cybersecuritynews.com CVE-2024-5594

CISA Releases 20 ICS Advisories Detailing Vulnerabilities & Exploits - Vulnerabilities in the SIPROTEC 5 series include Cleartext storage of sensitive information (CVE-2024-53651), which has a CVSS v3 base score of 4.6. Mitigation involves firmware updates and restricting network access. This SCADA management software ...
4 months ago Cybersecuritynews.com CVE-2024-53651 CVE-2025-25067 CVE-2025-24865 CVE-2025-22896 CVE-2025-23411 CVE-2023-37482 CVE-2024-54015 CVE-2022-38465 CVE-2025-24811 CVE-2025-20615 CVE-2025-24836 CVE-2025-23421 CVE-2024-53977 CVE-2025-23363 CVE-2025-1283 CVE-2025-23403 CVE-2025-26473 CVE-2025-25281 CVE-2025-24861

Apple backports zero-day patches to older iPhones and Macs - Apple has released security updates that backport fixes for actively exploited vulnerabilities that were exploited as zero-days to older versions of its operating systems. Specifically, the latest update for iOS 18.4 and iPadOS 18.4 fixes 77 ...
2 months ago Bleepingcomputer.com CVE-2025-30456

CVE-2025-37859 - In the Linux kernel, the following vulnerability has been resolved: ...
1 month ago

Hardening Windows Servers - Top Strategies to Prevent Exploits in 2025 - By leveraging the default security enhancements in Windows Server 2025 alongside strategic implementations of Application Control, Attack Surface Reduction, and proper credential management, organizations can significantly reduce their risk exposure ...
1 month ago Cybersecuritynews.com

Cyber Trends (last 7 days)

CVE-2025-3349

Cyber News related to CVE-2025-3349

Latest Cyber News

Cyber Trends (last 7 days)

Trending Cyber News (last 7 days)