The vulnerability of the rsyncd utility for transferring and synchronizing Rsync files allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the rsyncd utility for transferring and synchronizing Rsync files involves the generation of invalid tokens and checksums during the copying process. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

CVE-2024-12086

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare wi...

PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps

Cybersecurity researchers have flagged a new malware called PLAYFULGHOST that comes with a wide range of information-gathering features like keylogging, screen capture, audio capture, remote shell, and file transfer/execution. The backdoor, according to Google's Mandiant Managed Defense team,...

CVE-2024-11144

The server lacks thread safety and can be crashed by anomalous data sent by an anonymous user from a remote network. The crash causes the FTP service to become unavailable, affecting all users and processes that rely on it for file transfers. If the crash occurs during file upload or download, it...

Fortra GoAnywhere MFT 安全漏洞

Fortra GoAnywhere MFT is a secure file transfer solution from Fortra USA. A security vulnerability exists in Fortra GoAnywhere MFT versions prior to 7.7.0 that stems from an information disclosure vulnerability that allows external access to resources in certain administrative root folders...

Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged

Users of Cleo-managed file transfer software are being urged to ensure that their instances are not exposed to the internet following reports of mass exploitation of a vulnerability affecting fully patched systems. Cybersecurity company Huntress said it discovered evidence of threat actors...

Widespread Exploitation of Cleo File Transfer Software (CVE-2024-55956)

On Monday, December 9, multiple security firms began privately circulating reports of in-the-wild exploitation targeting Cleo file transfer software. Late the evening of December 9, security firm Huntress published a blog on active exploitation of three different Cleo products docs: Cleo VLTrader...

VulnCheck KEV: CVE-2024-50623

Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload and download vulnerability that can lead to remote code execution with elevated privileges...

CVE-2024-12344

A vulnerability, which was classified as critical, was found in TP-Link VN020 F3vT TTV6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to th...

PT-2024-9320 · Tp Link · Tp-Link Vn020 F3V

Name of the Vulnerable Software and Affected Versions: TP-Link VN020 F3vT TT V6.2.1021 Description: A critical issue was found in the FTP USER Command Handler component of the TP-Link VN020 F3vT router, affecting an unknown part of this component. The manipulation of this issue leads to memory...

CVE-2024-8160

Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files from/to the Axis device. This flaw can only be exploited after authenticati...

CVE-2024-8160

Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files from/to the Axis device. This flaw can only be exploited after authenticati...

PT-2024-38846

Name of the Vulnerable Software and Affected Versions: AXIS OS versions prior to the patched version Description: The VAPIX API ftptest.cgi did not have sufficient input validation, allowing for a possible command injection. This could lead to the ability to transfer files from or to the Axis...

The vulnerability of the SFTP module in the software for managing network infrastructure of SINEC INS allows a perpetrator to execute arbitrary code.

The vulnerability of the SFTP module in the SINEC INS software for managing network infrastructure is related to errors in file upload path cleaning. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

AIPHONE IX SYSTEM和AIPHONE IXG SYSTEM 安全漏洞

AIPHONE IX SYSTEM and AIPHONE IXG SYSTEM are both products of AIPHONE CORPORATION Japan AIPHONE IX SYSTEM is an IP visual intercom system.AIPHONE IXG SYSTEM is an IP-based residential system. A security vulnerability exists in AIPHONE IX SYSTEM and AIPHONE IXG SYSTEM that stems from the presence ...

Fintech Giant Finastra Investigating Data Breach

The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world's top 50 banks, notified customers of the security incident...

CVE-2020-26074

A vulnerability in system file transfer functions of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system. The vulnerability is due to improper validation of path input to the system file transfer functions. An...

CVE-2020-26074 Cisco SD-WAN vManage Privilege Escalation Vulnerability

A vulnerability in system file transfer functions of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system. The vulnerability is due to improper validation of path input to the system file transfer functions. An...

CVE-2020-26074 Cisco SD-WAN vManage Privilege Escalation Vulnerability

A vulnerability in system file transfer functions of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system. The vulnerability is due to improper validation of path input to the system file transfer functions. An...

CVE-2024-46894

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 3. The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured...