25 matches found
CVE-2018-4019
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated...
CVE-2018-4020
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated...
PineApp Mail-SeCure ldapsyncnow.php Remote Command Execution
A remote command execution vulnerability has been reported in PineApp Mail-SeCure. The vulnerability is due to exposing of the ldapsyncnow.php file of the administration web interface. A remote attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable server...
Null pointer dereference
The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service daemon crash via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails...
SurgeFTP FTP server DoS
Administration web interface Content-Length memory consumption...