781 matches found
BulletProof FTP Client 2010.74 Buffer Overflow
BulletProof FTP Client version 2010.74 suffers from a buffer overflow vulnerability. Exploit Title: BulletProof FTP Client v2010.74 - Buffer Overflow PoC Discovered by: Ahmet Ümit BAYRAM Discovered Date: 14.09.2023 Vendor Homepage: http://www.bpftp.com Software Link:...
Linux Distros Unpatched Vulnerability : CVE-2021-37533
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a...
Linux Distros Unpatched Vulnerability : CVE-2021-4189
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Python, specifically in the FTP File Transfer Protocol client library in PASV passive mode. The issue is how the FTP client trusts the host...
Security Bulletin: IBM B2B Sterling Integrator is affected by Apache Commons Net vulnerability information disclosure (CVE-2021-37533)
Summary IBM B2B Sterling Integrator is affected by Apache Commons Net vulnerability information disclosure CVE-2021-37533 Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with the FTP clien...
RHEL 9 : log4j (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies CVE-2023-26049 -...
RHEL 7 : log4j (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - log4j: Socket receiver deserialization vulnerability CVE-2017-5645 - UNSUPPORTED WHEN ASSIGNED When using...
Fedora: Security Advisory (FEDORA-2024-ff9a2fb31c)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CarotDAV Credential Gatherer
This module searches for credentials stored on CarotDAV FTP Client on a Windows host. Module Options msf use post/windows/gather/credentials/carotdavftp msf postcarotdavftp show actions ...actions... msf postcarotdavftp set ACTION msf postcarotdavftp show options ...show and set options... msf...
BIT-PYTHON-2021-4189
A flaw was found in Python, specifically in the FTP File Transfer Protocol client library in PASV passive mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecti...
USN-6641-1: curl vulnerability
Harry Sintonen discovered that curl incorrectly handled mixed case cookie domains. A remote attacker could possibly use this issue to set cookies that get sent to different and unrelated sites and domains...
[SECURITY] Fedora 39 Update: filezilla-3.66.4-1.fc39
FileZilla is a FTP, FTPS and SFTP client for Linux with a lot of features. - Supports FTP, FTP over SSL/TLS FTPS and SSH File Transfer Protocol SFTP - Cross-platform - Available in many languages - Supports resume and transfer of large files greater than 4GB - Easy to use Site Manager and transfe...
Rocky Linux 8 : python27:2.7 (RLSA-2022:1821)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1821 advisory. - There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser...
Security Bulletin: There is a vulnerability in Apache Commons Net used by IBM Jazz Reporting Service (CVE-2021-37533)
Summary There is a vulnerability in Apache Commons Net used by IBM Jazz Reporting Service. Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with the FTP client trusts the host from PASV...
Security Bulletin: There is a vulnerability in Apache Commons Net used by IBM Maximo Asset Management (CVE-2021-37533)
Summary There is a vulnerability in Apache Commons Net used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with the FTP client trusts the host from PASV...
Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to remote code execution due to Apache Commons Net (CVE-2021-37533)
Summary Apache Commons Net is shipped with IBM Tivoli Business Manager 6.2.0 as part of its web service infrastructure. Information about security vulnerabilities affecting Apache Commons Net has been published in a security bulletin. Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Apache...
Moderate: Red Hat Security Advisory: Red Hat Integration Camel Extensions for Quarkus 2.13.3 security update
Red Hat Integration Camel Extensions for Quarkus 2.13.3 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability...
apache-commons-net: FTP client trusts the host from PASV response by default
A flaw was found in Apache Commons Net's FTP, where the client trusts the host from PASV response by default. A malicious server could redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This issue could lead to leakage of...
Important: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.20.1 security update
Red Hat Integration Camel for Spring Boot 3.20.1 release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache Commons
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Apache Commons. Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with the FTP client trust...
USN-6037-1: Apache Commons Net vulnerability
ZeddYu Lu discovered that the FTP client from Apache Commons Net trusted the host from PASV responses by default. A remote attacker with a malicious FTP server could redirect the client to another server, which could possibly result in leaked information about services running on the private...