bind: TCP Pipelining doesn't limit TCP clients on a single connection

A flaw was found in the way bind limited the number of TCP clients that can be connected at any given time. A remote attacker could use one TCP client to send a large number of DNS requests over a single connection, causing exhaustion of the pool of file descriptors available to named, and...

Wing FTP Server Local Elevation of Privilege Vulnerability (CNVD-2020-16681)

Wing FTP Server is an easy-to-use, secure and reliable FTP server software for Windows, Linux, Mac OS and Solaris. A local elevation of privilege vulnerability exists in Wing FTP Server 6.2.3. The vulnerability stems from Wing FTP Server setting insecure permissions on files modified in the HTTP...

CVE-2020-8634

Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management interface, resulting in files being saved with world-readable and world-writable permissions. If a sensitive system file were edited this way, a low-privilege user may...

CVE-2020-8634

Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management interface, resulting in files being saved with world-readable and world-writable permissions. If a sensitive system file were edited this way, a low-privilege user may...

Design/Logic Flaw

Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management interface, resulting in files being saved with world-readable and world-writable permissions. If a sensitive system file were edited this way, a low-privilege user may...

CVE-2020-8634

Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management interface, resulting in files being saved with world-readable and world-writable permissions. If a sensitive system file were edited this way, a low-privilege user may...

February 11, 2020—KB4537776 (OS Build 10240.18486)

February 11, 2020—KB4537776 OS Build 10240.18486 For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. Highlights Updates to improve security when using Internet Explorer, Microsoft Edge, an...

February 11, 2020—KB4537762 (OS Build 17134.1304)

February 11, 2020—KB4537762 OS Build 17134.1304 Windows 10, version 1803 the April 2018 Update Home and Pro editions have reached end of service. For Windows 10 devices that are at, or within several months of reaching end of service, Windows Update will automatically initiate a feature update wi...

February 11, 2020—KB4532691 (OS Build 17763.1039)

February 11, 2020—KB4532691 OS Build 17763.1039 Note This release also contains updates for Microsoft HoloLens OS Build 17763.1039 released February 11, 2020. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that ha...

SharpStat - C# Utility That Uses WMI To Run "cmd.exe /c netstat -n", Save The Output To A File, Then Use SMB To Read And Delete The File Remotely

C utility that uses WMI to run "cmd.exe /c netstat -n", save the output to a file, then use SMB to read and delete the file remotely Description This script will attempt to connect to all the supplied computers and use WMI to execute cmd.exe /c netstat -n . The file the output is saved to is...

January 14, 2020—KB4534293 (OS Build 17134.1246)

January 14, 2020—KB4534293 OS Build 17134.1246 Windows 10, version 1803 the April 2018 Update Home and Pro editions have reached end of service. For Windows 10 devices that are at, or within several months of reaching end of service, Windows Update will automatically initiate a feature update wit...

CVE-2019-19732

translationmanagetext.ajax.php and various manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 directly insert values from the aSortDir0 and/or sSortDir0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from th...

Security Bulletin: File Management Vulerability in IBM Watson Studio Local

Summary A security vulnerability involving symbolic links allowed arbitrary access to Watson Studio Local user directory. This vulnerability is addressed Vulnerability Details Third Party Entry: PSIRT-ADV0011814 DESCRIPTION: CVSS Base score: 8.8 CVSS Vector:...

File Upload Vulnerability in YunMOk Background Resource File Management

YunMOk is a general website management system under Nanchong Tiger Cloud Network Technology Co. There is a file upload vulnerability in the background resource file management of the cloud module, which can be exploited by an attacker to gain access to website administrator privileges...

CVE-2019-5211

The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management vulnerability. The attacker tricks the victim to perform certain operations on the mobile phone during file transfer. Because the file is not properly processed, successfully...

Design/Logic Flaw

The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management vulnerability. The attacker tricks the victim to perform certain operations on the mobile phone during file transfer. Because the file is not properly processed, successfully...

CVE-2019-5211

The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management vulnerability. The attacker tricks the victim to perform certain operations on the mobile phone during file transfer. Because the file is not properly processed, successfully...

CVE-2019-5211

The CVE-2019-5211 issue affects Huawei P20 devices with Huawei Share prior to Emily-L29C 9.1.0.311, caused by improper file management during file transfers. The vulnerability could allow an attacker to cause deletion of files on the victim’s device after tricking the user into certain operations...

Huawei P20 File Mismanagement Vulnerability

Huawei P20 is a smartphone from Chinese company Huawei Huawei. A security vulnerability exists in the Huawei Share feature in Huawei P20, which stems from improper file management. An attacker can exploit the vulnerability by tricking a user into performing certain actions on his or her phone,...

Security Advisory - Improper File Management Vulnerability in Huawei Share

The Huawei Share function of some Huawei phones has an improper file management vulnerability. The attacker tricks the victim to perform certain operations on the mobile phone during file transfer. Because the file is not properly processed, successfully exploit may cause some files on the victim...