
3499 matches found

OSV
added 2024/11/12 1:15 p.m., 4 views

CVE-2024-46888

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 3. The affected application does not properly sanitize user provided paths for SFTP-based file up- and downloads. This could allow an authenticated remote attacker to manipulate arbitrary files on the filesystem and...

CVSS 9.9, AI score 6.2, EPSS 0.00882
Exploits 0, References 1
CNNVD
added 2024/11/12 12:0 a.m., 2 views

Progress Software WS_FTP Server Security Vulnerability

Progress Software WS_FTP Server is an effective and highly manageable FTP server from Progress Software, Inc. A security vulnerability exists in Progress Software WS_FTP Server versions prior to 8.8.9 that stems from an incorrect implementation of the authentication algorithm in the Web Transfer...

CVSS 6.5, AI score 6.8, EPSS 0.00413
Exploits 1, References 3
CNNVD
added 2024/11/12 12:0 a.m., 3 views

Siemens SINEC INS Security Vulnerability

Siemens SINEC INS is a software from Siemens, Germany, that provides centralized services for network infrastructures. An unauthorized access vulnerability exists in Siemens SINEC INS, which could be exploited by an attacker to obtain information about the user list of the SFTP service...

CVSS 6.3, AI score 6.4, EPSS 0.00262
Exploits 0, References 2
Positive Technologies
added 2024/11/12 12:0 a.m., 4 views

PT-2024-39990

Name of the Vulnerable Software and Affected Versions: WS_FTP Server versions prior to 8.8.9 Description: The issue is related to an incorrect implementation of the authentication algorithm in the Web Transfer Module, allowing users to bypass the second-factor verification and log in using only the...

CVSS 6.5, AI score 5.8, EPSS 0.00413
Exploits 1, References 6
VulnCheck KEV
added 2024/11/01 12:0 a.m., 4 views

VulnCheck KEV: CVE-2022-45440

A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17ABPC.3C0, which processes symbolic links on external storage media. A local authenticated attacker with administrator privileges could abuse this vulnerability to access the root file system by creating a...

CVSS 4.4, AI score 5.8, EPSS 0.00249
Exploits 0, References 1
OSV
added 2024/10/30 2:15 p.m., 3 views

CVE-2024-33700

The LevelOne WBR-6012 router firmware R0.40e6 suffers from an input validation vulnerability within its FTP functionality, enabling attackers to cause a denial of service through a series of malformed FTP commands. This can lead to device reboots and service disruption...

CVSS 7.5, AI score 5.8, EPSS 0.0083
Exploits 1, References 2
OSV
added 2024/10/30 2:15 p.m., 2 views

CVE-2024-32946

A vulnerability in the LevelOne WBR-6012 router's firmware version R0.40e6 allows sensitive information to be transmitted in cleartext via Web and FTP services, exposing it to network sniffing attacks...

CVSS 5.9, AI score 5.8, EPSS 0.00282
Exploits 0, References 2
The Hacker News
added 2024/10/30 11:0 a.m., 21 views

Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code

Cybersecurity researchers have discovered a new malicious Python package that masquerades as a cryptocurrency trading tool but harbors functionality designed to steal sensitive data and drain assets from victims' crypto wallets. The package, named "CryptoAITools," is said to have been distributed...

AI score 6.6
Exploits 0
CNNVD
added 2024/10/30 12:0 a.m., 4 views

LevelOne WBR-6012 Input Validation Error Vulnerability

The LevelOne WBR-6012 is a wireless router from LevelOne. The LevelOne WBR-6012 suffers from an input validation error vulnerability that originates from a series of incorrectly formatted FTP commands that can lead to a denial of service...

CVSS 7.5, AI score 6.7, EPSS 0.0083
Exploits 1, References 1
Positive Technologies
added 2024/10/30 12:0 a.m., 2 views

PT-2024-24993 · Levelone · Levelone Wbr-6012

Name of the Vulnerable Software and Affected Versions: LevelOne WBR-6012 router version R0.40e6 Description: A vulnerability in the LevelOne WBR-6012 router's firmware allows sensitive information to be transmitted in cleartext via Web and FTP services, exposing it to network sniffing attacks...

CVSS 5.9, AI score 6.9, EPSS 0.00282
Exploits 0, References 4
BDU FSTEC
added 2024/10/30 12:0 a.m., 6 views

The vulnerability of the Xlight file server exists due to a mistake caused by integer overflow, allowing attackers to execute arbitrary code by sending specially crafted SFTP packets.

The vulnerability of the Xlight file server exists due to a mistake caused by integer overflow. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending specially crafted SFTP packets...

CVSS 10, AI score 6, EPSS 0.01115
Exploits 0, References 3, Affected Software 1
Positive Technologies
added 2024/10/30 12:0 a.m., 8 views

PT-2024-25456 · Levelone · Levelone Wbr-6012

Name of the Vulnerable Software and Affected Versions: LevelOne WBR-6012 router firmware version R0.40e6 Description: The issue is related to an input validation vulnerability within the FTP functionality, allowing attackers to cause a denial of service through a series of malformed FTP commands...

CVSS 7.5, AI score 7.2, EPSS 0.0083
Exploits 1, References 6
Cisco
added 2024/10/23 4:0 p.m., 14 views

Cisco Adaptive Security Appliance and Firepower Threat Defense Software TLS Denial of Service Vulnerability

A vulnerability in the TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This...

CVSS 8.6, AI score 8.5, EPSS 0.00518
Exploits 0, References 1
CNNVD
added 2024/10/22 12:0 a.m., 1 view

Xlight FTP Input Validation Error Vulnerability

Xlight FTP is a high performance and easy to use FTP server software from Xlight FTP Inc. Make file transfers secure and easy to use. A security vulnerability exists in Xlight FTP versions prior to 3.9.4.3 that stems from an integer overflow in the SFTP server packet parsing logic, which could le...

CVSS 9.8, AI score 7, EPSS 0.01115
Exploits 0, References 2
CNNVD
added 2024/10/16 12:0 a.m., 2 views

SolarWinds Serv-U Cross-Site Scripting Vulnerability

SolarWinds Serv-U is an FTP (File Transfer Protocol) server software from the US-based SolarWinds Corporation. A cross-site scripting vulnerability exists in SolarWinds Serv-U version 15.4.2.3 and earlier, which stems from vulnerability to a cross-site scripting attack that allows an authenticated...

CVSS 4.8, AI score 5.7, EPSS 0.00825
Exploits 0, References 2
Citrix
added 2024/10/16 12:0 a.m., 9 views

Data lost upon configuring folder redirection for existing user profiles

When Desktop folder redirection is configured for existing user profiles, User Profile Management (UPM) only transfers individual files from the user profile's Desktop folder to the redirected location, resulting in the deletion of all subfolders and their contents...

AI score 7.1
Exploits 0
Positive Technologies
added 2024/10/11 12:0 a.m., 2 views

PT-2024-41070 · Мир Кт-51 +1 · Мир Кт-51 +1

Name of the Vulnerable Software and Affected Versions: МИР КТ-51 and the МИР controller configurator (affected versions not specified) Description: The issue is related to the implementation of the FTP protocol, which transmits data in an open form. This could allow a remote attacker to disclose...

CVSS 8.5, AI score 6.8
Exploits 0, References 1
OSV
added 2024/10/01 4:15 p.m., 3 views

CVE-2024-25659

In Infinera TNMS (Transcend Network Management System) 19.10.3, an insecure default configuration of the internal SFTP server on Linux servers allows a remote attacker to access files and directories outside the SFTP user home directory...

CVSS 7.2, AI score 5.8, EPSS 0.00707
Exploits 0, References 1
Tenable Nessus
added 2024/10/01 12:0 a.m., 10 views

Synology DiskStation Manager Use After Free (CVE-2021-27649)

Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for...

CVSS 9.8, AI score 8.5, EPSS 0.02007
Exploits 0, References 2
BDU FSTEC
added 2024/09/11 12:0 a.m., 7 views

The vulnerability of the File Transfer Protocol (FTP) implementation in the microprogrammed network devices of Zyxel ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN allows a perpetrator to execute arbitrary commands.

The vulnerability of the File Transfer Protocol (FTP) implementation in the microprogrammed network devices Zyxel ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability...

CVSS 9, AI score 6.2, EPSS 0.01339
Exploits 0, References 5, Affected Software 4