Reflection Security Vulnerabilities

CVE-2016-5765

Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited...

CVE-2014-0605

Directory traversal vulnerability in the rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to execute arbitrary code via unspecified vectors to the SaveSettings...

CVE-2014-0604

Directory traversal vulnerability in the rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to execute arbitrary code via unspecified vectors to the StartLog...

CVE-2014-0603

The rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to cause a denial of service (memory corruption) and execute arbitrary code via vectors related to the (1) GetGlobalSettings or (2) GetSiteProperties3 methods, which triggers a dereference...

CVE-2014-5211

Stack-based buffer overflow in the Attachmate Reflection FTP Client before 14.1.433 allows remote FTP servers to execute arbitrary code via a large PWD...

CVE-2011-5157

Untrusted search path vulnerability in Attachmate Reflection before 14.1 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, a related issue to CVE-2011-0107. NOTE: some of these details are obtained from third party...

CVE-2011-5012

Heap-based buffer overflow in the Reflection FTP Client (rftpcom.dll 7.2.0.106 and possibly other versions), as used in Attachmate Reflection 2008, Reflection 2011 R1 before 15.3.2.569 and R1 SP1 before, Reflection 2011 R2 before 15.4.1.327, Reflection Windows Client 7.2 SP1 before hotfix...

CVE-2010-4146

Cross-site scripting (XSS) vulnerability in Attachmate Reflection for the Web 2008 R2 (builds 10.1.569 and earlier), 2008 R1, and 9.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified...

CVE-2008-6021

Multiple unspecified vulnerabilities in Attachmate Reflection for Secure IT UNIX Client and Server before 7.0 SP1 have unknown impact and attack vectors, aka "security vulnerabilities found by 3rd party...

CVE-2006-0705

Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure....

CVE-2005-2770

WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-Secure SSH server) does not properly handle when the Windows Administrator or Guest accounts are renamed after SSH key authentication has been configured, which allows remote attackers to use the original names during...

CVE-2005-2771

WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-Secure SSH server) processes access and deny lists in a case-sensitive manner, when previous versions were case-insensitive, which might allow remote attackers to bypass intended restrictions and login to accounts that should be.....