21 matches found
CVE-2016-10780
cPanel before 60.0.25 allows stored XSS in the ftp_sessions API (SEC-180)...
EUVD-2010-2971
Malware in sbrugna...
EUVD-1999-0202
Malware in sbrugna...
EUVD-2002-2412
Malware in sbrugna...
Cerberus FTP Server Enterprise Cross-Site Scripting Vulnerability
Cerberus FTP Server is a Windows-based FTP server from Cerberus USA that supports encrypted FTP sessions via FTPS and SFTP. A cross-site scripting vulnerability exists in Cerberus FTP Server Enterprise versions prior to 10.0.19 and 11.x series versions prior to 11.0.4, which can be exploited by an...
CVE-2016-10780
cPanel before 60.0.25 allows stored XSS in the ftp_sessions API (SEC-180)...
May 28, 2019—KB4499147 (OS Build 16299.1182)
May 28, 2019—KB4499147 OS Build 16299.1182 Reminder: March 12th and April 9th will be the last two Delta updates for Windows 10, version 1709. Security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change please...
Amazon Linux AMI : ImageMagick (ALAS-2016-699) (ImageTragick)
It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities,...
Scientific Linux Security Update : ImageMagick on SL6.x, SL7.x i386/x86_64 (20160509) (ImageTragick)
Security Fixes : - It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the...
ImageMagick: SSRF vulnerability
A server-side request forgery flaw was discovered in the way ImageMagick processed certain images. A remote attacker could exploit this flaw to mislead an application using ImageMagick or an unsuspecting user using the ImageMagick utilities into, for example, performing HTTPS requests or opening...
Authentication flaw
Datum Systems SnIP on PSM-500 and PSM-4500 devices does not require authentication for FTP sessions, which allows remote attackers to obtain sensitive information via RETR commands...
Attackers Shifting to Delivering Unknown Malware Via FTP and Web Pages
The bulk of “unknown” malware is being delivered to systems via Web-based attacks, proxies and FTP sessions, according to a study released by Palo Alto Networks this week. The study dubbed “The Modern Malware Review,” found more than 26,000 malware samples, and focuses on what the firm calls...
CVE-2011-1575
The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext...
CVE-2011-1575
The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext...
CVE-2011-0762
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632...
CVE-2011-0762
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632...
CVE-2003-1591
NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allows user-assisted remote attackers to cause a denial of service (console hang) via a large number of FTP sessions, which are not properly handled during an NLM unload...
CVE-2002-2434
NWFTPD.nlm before 5.02i in the FTP server in Novell NetWare does not properly listen for data connections, which allows remote attackers to cause a denial of service (abend) via multiple FTP sessions...
CVE-1999-0202
The GNU tar command, when used in FTP sessions, may allow an attacker to execute arbitrary commands...
CVE-1999-0202
CVE-1999-0202 affects the GNU tar command when used in FTP sessions, enabling an attacker to execute arbitrary commands via the tar process. The connected records consistently describe this as a vulnerability in GNU tar in FTP contexts with potential for remote command execution; however, explici...