Lucene search
K

154 matches found

Github Security Blog
Github Security Blog
added 2018/10/17 7:55 p.m.31 views

XML external entity expansion in org.apache.solr:solr-core

This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion XXE in Solr config files currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file. In addition, Xinclude functionality provided in these config files is als...

5.5CVSS5.2AI score0.09025EPSS
Exploits1References9Affected Software1
Veracode
Veracode
added 2018/05/22 5:25 a.m.19 views

XML External Entity (XXE)

Apache Solr is vulnerable to XML enternal entity XXE injection. The attack is possible because Solr config files are accessible through API if Xinclude is enabled. Using file/ftp/http protocols, arbitrary files from the Solr server can be exposed...

5.5CVSS6AI score0.03917EPSS
Exploits0References6Affected Software1
Fedora
Fedora
added 2018/05/11 9:15 p.m.35 views

[SECURITY] Fedora 28 Update: wget-1.19.5-1.fc28

GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest wit...

6.5CVSS1AI score0.17249EPSS
Exploits5
Prion
Prion
added 2018/04/09 1:29 p.m.17 views

Xxe

This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion XXE in the &dataConfig= parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the...

5CVSS7.2AI score0.20937EPSS
Exploits0References5Affected Software2
Debian CVE
Debian CVE
added 2018/04/09 1:0 p.m.34 views

CVE-2018-1308

This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion XXE in the &dataConfig= parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the...

7.5CVSS7.5AI score0.20937EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/08/09 12:0 a.m.31 views

Oracle Linux 7 : curl (ELSA-2017-2016)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-2016 advisory. 7.29.0-42 - fix use of uninitialized variable detected by Covscan 7.29.0-41 - make FTPS work with --proxytunnel 1420327 7.29.0-40 - make FTPS work with...

9.8CVSS7AI score0.11737EPSS
Exploits0References2
OSV
OSV
added 2017/04/20 12:0 a.m.9 views

PSF-2017-10 urllib FTP protocol stream injection

FTP protocol stream injection via malicious URLs...

7.5AI score
Exploits0References4
ThreatPost
ThreatPost
added 2017/02/23 9:19 a.m.16 views

Java, Python FTP Injection Attacks Bypass Firewalls

Newly disclosed FTP injection vulnerabilities in Java and Python that are fueled by rather common XML External Entity XXE flaws carry the potential to expose sensitive systems to attack. Details about both issues were publicly disclosed this week, but private notifications were made to the Python...

1.1AI score
Exploits0References2
The Hacker News
The Hacker News
added 2017/02/21 6:25 a.m.18 views

Unpatched Python and Java Flaws Let Hackers Bypass Firewall Using FTP Injection

This newly discovered bugs in Java and Python is a big deal today. The two popular programming languages, Java and Python, contain similar security flaws that can be exploited to send unauthorized emails and bypass any firewall defenses. And since both the flaws remain unpatched, hackers can take...

7.5AI score
Exploits0
Packet Storm
Packet Storm
added 2016/11/02 12:0 a.m.24 views

FreeFloat FTP Server 1.0 RENAME Buffer Overflow

!/usr/bin/env python -- coding: utf-8 -- Exploit Title: FreeFloat FTP Server RENAME Command Buffer Overflow Exploit Date: 29/10/2016 Exploit Author: Eagleblack Software Link: http://www.freefloat.com/software/freefloatftpserver.zip Version: 1.00 Tested on: Windows XP Profesional SP3 Spanish versi...

0.4AI score
Exploits0
Fedora
Fedora
added 2016/06/18 4:19 a.m.41 views

[SECURITY] Fedora 22 Update: wget-1.18-1.fc22

GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest wit...

8.8CVSS1AI score0.45935EPSS
Exploits8
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

Mozilla Firefox 3 - ftp:// URL Multiple File Format Handling XSS

No description provided by source. source: http://www.securityfocus.com/bid/31855/info Mozilla Firefox 3 is prone to a cross-site scripting weakness that arises because the software fails to handle specially crafted files served using the FTP protocol. Successfully exploiting this issue may allow...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.12 views

ACLogic CesarFTP 0.99 Remote Resource Exhaustion Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9666/info It has been reported that CesarFTP is prone to a remote resource exhaustion vulnerability. This issue is due to the application failing to properly validate user input. Successful exploitation of this issue may...

7.1AI score
Exploits0
NVD
NVD
added 2014/04/25 5:12 a.m.20 views

CVE-2014-0760

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service application crash vi...

9.3CVSS7.9AI score0.0315EPSS
Exploits0References2
Prion
Prion
added 2014/04/25 5:12 a.m.15 views

Design/Logic Flaw

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which allows remote attackers to execute arbitrary code or cause a denial of service application crash via...

9.3CVSS8.4AI score0.0315EPSS
Exploits0References1
Cvelist
Cvelist
added 2014/04/25 1:0 a.m.25 views

CVE-2014-0760 Festo CECX-X-(C1/M1) Controller Improper Authentication

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service application crash vi...

9.3CVSS7.9AI score0.0315EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2012/10/22 12:0 a.m.18 views

TurboFTP Server PORT Command Processing Buffer Overflow Vulnerability

TurboFTP server is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8AI score
Exploits0References5
seebug.org
seebug.org
added 2010/07/26 12:0 a.m.12 views

Ubuntu 10.04 LTS - Lucid Lynx ftp Client v0.17-19build1 ACCT Buffer Overflow

No description provided by source. Exploit Title: Ubuntu 10.04 LTS - Lucid Lynx ftp Client v0.17-19build1 ACCT Buffer Overflow Date: 23/07/2010 Author: d0lc3 d0lc3xatgmaildomcom Software Link: http://packages.ubuntu.com/ Version: 0.17-19build1 Tested on: Linux ubuntu32 2.6.32-23-generic x64...

7.1AI score
Exploits0
Fedora
Fedora
added 2009/12/03 4:56 a.m.37 views

[SECURITY] Fedora 11 Update: wget-1.12-2.fc11

GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest wit...

6.8CVSS1AI score0.03517EPSS
Exploits1
Packet Storm
Packet Storm
added 2009/11/26 12:0 a.m.35 views

Texas Imperial Software WFTPD 3.23 SIZE Overflow

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Texas Imperi...

6.5CVSS0.6AI score0.62319EPSS
Exploits5
Rows per page
Query Builder