CVE-2024-6805
The NI VeriStand Gateway is missing authorization checks when an actor attempts to access File Transfer resources. These missing checks may result in information disclosure or remote code execution. This affects NI VeriStand 2024 Q2 and prior versions...
CVE-2024-6805
The CVE-2024-6805 entry concerns NI VeriStand Gateway missing authorization checks when an actor accesses File Transfer resources (IFileTransferServer / ProjectServer surface). Affected product: NI VeriStand 2024 Q2 and prior versions. Impact stated in sources includes information disclosure and ...
CVE-2024-6805 Missing Authorization Checks in NI VeriStand Gateway for File Transfer Resources
The NI VeriStand Gateway is missing authorization checks when an actor attempts to access File Transfer resources. These missing checks may result in information disclosure or remote code execution. This affects NI VeriStand 2024 Q2 and prior versions...
PT-2024-37876 · National Instruments · NI VeriStand
Name of the Vulnerable Software and Affected Versions: NI VeriStand versions 2024 Q2 and prior. Description: The issue is related to missing authorization checks when accessing File Transfer resources, potentially leading to information disclosure or remote code execution. Recommendations: For NI...
CVE-2024-6421
An unauthenticated remote attacker can read out sensitive device information through an incorrectly configured FTP service...
PT-2024-37614 · Pepperl+Fuchs · Oit1500-F113-B12-Cb +7
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: An unauthenticated remote attacker can read out sensitive device information through an incorrectly configured FTP service. There is no information...
CVE-2024-36059
Directory Traversal vulnerability in Kalkitech ASE ASE61850 IEDSmart up to and including version 2.3.5 allows attackers to read/write arbitrary files via the IEC61850 File Transfer protocol...
CVE-2024-36059
CVE-2024-36059 affects Kalkitech ASE ASE61850 IEDSmart
CVE-2024-29954
A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the...
VulnCheck KEV: CVE-2024-5806
Improper Authentication vulnerability in Progress MOVEit Transfer SFTP module can lead to Authentication Bypass. This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.v...
SolarWinds Serv-U Vulnerability Under Active Attack - Patch Immediately
A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the wild. The vulnerability, tracked as CVE-2024-28995 (CVSS score: 8.6), concerns a directory traversal bug that could allow attackers to read sensitive fil...
The vulnerability of the TIBCO Managed File Transfer Platform Server stems from deficiencies in authentication procedures. This allows attackers to circumvent security restrictions, increase their privileges, and execute arbitrary commands.
The vulnerability of the TIBCO Managed File Transfer Platform Server is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass security restrictions using the user’s identifier and password, thereby increasing their privileges and...
TIBCO Security Advisory: May 28, 2024 - TIBCO Managed File Transfer Platform Server for Unix - CVE-2024-4407
TIBCO Managed File Transfer Platform Server for Unix and z/Linux privilege escalation vulnerability Original release date: May 28, 2024 Last revised: --- CVE-2024-4407 Source: TIBCO Software Inc. Products Affected TIBCO Managed File Transfer Platform Server for Unix versions 8.0.0, 8.0.1, 8.1.0,...
Progress Software Progress MOVEit Automation security vulnerability
Progress Software Progress MOVEit Automation is a suite of hosted file transfer software from Progress Software, USA. The software supports features such as sensitive data transfer and workflow automation. A security vulnerability exists in Progress Software Progress MOVEit Automation that stems...
Cerberus FTP Enterprise resource management error vulnerability
Cerberus FTP Server is a Windows-based FTP server from Cerberus, Inc. that supports FTP sessions encrypted via FTPS and SFTP. A resource management error vulnerability exists in Cerberus FTP Enterprise version 8.0.10.3, which stems from the presence of a denial of service (DoS) vulnerability...
GHSA-23J4-MW76-5V7H Scrapy allows redirect following in protocols other than HTTP
Impact Scrapy was following redirects regardless of the URL protocol, so redirects were working for data://, file://, ftp://, s3://, and any other scheme defined in the DOWNLOADHANDLERS setting. However, HTTP redirects should only work between URLs that use the http:// or https:// schemes. A...
PT-2024-40004 · Scrapy · Scrapy
Name of the Vulnerable Software and Affected Versions: Scrapy versions prior to 2.11.2. Description: The issue allows a malicious actor with write access to the start requests and read access to the spider output to exploit the vulnerability. This can be done by redirecting to any local file using...