Close Menu
    DevStackTipsDevStackTips
    • Home
    • News & Updates
      1. Tech & Work
      2. View All

      Vibe Loop: AI-native reliability engineering for the real world

      July 10, 2025

      Docker Compose gets new features for building and running agents

      July 10, 2025

      Why Enterprises Are Choosing AI-Driven React.js Development Companies in 2025

      July 10, 2025

      Unmasking The Magic: The Wizard Of Oz Method For UX Research

      July 10, 2025

      The Beats Studio Buds Plus are nearly 50% off during Prime Day – hurry while the deal lasts

      July 10, 2025

      Perplexity’s Comet AI browser is hurtling toward Chrome – how to try it

      July 10, 2025

      My favorite headphones for watching movies are at their lowest price for Prime Day

      July 10, 2025

      Musk claims new Grok 4 beats o3 and Gemini 2.5 Pro – how to try it

      July 10, 2025
    • Development
      1. Algorithms & Data Structures
      2. Artificial Intelligence
      3. Back-End Development
      4. Databases
      5. Front-End Development
      6. Libraries & Frameworks
      7. Machine Learning
      8. Security
      9. Software Engineering
      10. Tools & IDEs
      11. Web Design
      12. Web Development
      13. Web Security
      14. Programming Languages
        • PHP
        • JavaScript
      Featured

      Oracle Cloud EPM: Transitioning to Forms 2.0, Dashboards 2.0 by October 2025

      July 10, 2025
      Recent

      Oracle Cloud EPM: Transitioning to Forms 2.0, Dashboards 2.0 by October 2025

      July 10, 2025

      This Week in Laravel: React.js, Filament vs Laravel, and Junior Test

      July 10, 2025

      NativePHP for Mobile v1.1: Smaller, Smarter, and Ready to Scale

      July 10, 2025
    • Operating Systems
      1. Windows
      2. Linux
      3. macOS
      Featured

      Linux’s Ascendancy: Charting the Open-Source Surge in the Desktop OS Arena

      July 10, 2025
      Recent

      Linux’s Ascendancy: Charting the Open-Source Surge in the Desktop OS Arena

      July 10, 2025

      Asteroid Shooter – time-bound survival asteroid shooter

      July 10, 2025

      Mozilla VPN Linux App is Now Available on Flathub

      July 10, 2025
    • Learning Resources
      • Books
      • Cheatsheets
      • Tutorials & Guides
    Home»Security»Common Vulnerabilities and Exposures (CVEs)»CVE-2025-47812 – Wing FTP Server Lua Code Injection Vulnerability

    CVE-2025-47812 – Wing FTP Server Lua Code Injection Vulnerability

    July 10, 2025

    CVE ID : CVE-2025-47812

    Published : July 10, 2025, 5:15 p.m. | 29 minutes ago

    Description : In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle ” bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thus a remote code execution vulnerability that guarantees a total server compromise. This is also exploitable via anonymous FTP accounts.

    Severity: 10.0 | CRITICAL

    Visit the link for more details, such as CVSS details, affected products, timeline, and more…

    Source: Read More

    Facebook Twitter Reddit Email Copy Link
    Previous ArticleCVE-2025-47813 – Wing FTP Server Path Disclosure Vulnerability
    Next Article CVE-2025-47811 – Wing FTP Server Privilege Escalation Vulnerability

    Related Posts

    Development

    Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

    July 10, 2025
    Common Vulnerabilities and Exposures (CVEs)

    CVE-2025-27614 – Gitk Command Injection Vulnerability

    July 10, 2025
    Leave A Reply Cancel Reply

    For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

    Continue Reading

    CVE-2024-12093 – GitLab SAML XPath Validation Bypass

    Common Vulnerabilities and Exposures (CVEs)

    RustoBot Botnet Exploits Router Flaws in Sophisticated Attacks

    Security

    Apple Machine Learning Research at ICLR 2025

    Machine Learning

    Zyxel RCE Vulnerability Allows Arbitrary Query Execution Without any Authentication

    Security

    Highlights

    CVE-2025-46264 – Angelo Mandato PowerPress Podcasting Unrestricted File Upload Vulnerability

    April 24, 2025

    CVE ID : CVE-2025-46264

    Published : April 24, 2025, 4:15 p.m. | 3 hours, 8 minutes ago

    Description : Unrestricted Upload of File with Dangerous Type vulnerability in Angelo Mandato PowerPress Podcasting allows Upload a Web Shell to a Web Server. This issue affects PowerPress Podcasting: from n/a through 11.12.5.

    Severity: 9.9 | CRITICAL

    Visit the link for more details, such as CVSS details, affected products, timeline, and more…

    CVE-2025-4299 – Tenda AC1206 Buffer Overflow Vulnerability

    May 5, 2025

    Apache ActiveMQ Vulnerability Let Attackers Trigger DoS Condition

    May 8, 2025

    CVE-2025-3584 – WordPress Newsletter Stored Cross-Site Scripting Vulnerability

    June 3, 2025
    © DevStackTips 2025. All rights reserved.
    • Contact
    • Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.