3499 matches found
@angular-devkit/build-angular (>=17.1.0-next.1 <=18.0.0-next.1), @directus/api (>=15.0.0 <=19.0.2) +25 more potentially affected by CVE-2024-30260 via undici (>=6.0.1 <=6.10.2)
undici NPM version =6.0.1, =17.1.0-next.1, =15.0.0, =10.0.15, =1.0.7, =18.0.0-next.3, =18.0.0-next.3, =1.0.0-alpha.22, =1.0.0-alpha.22, =1.0.0-alpha.22, =1.0.5, =1.0.6 and more Source cves: CVE-2024-30260 Source advisory: OSV:GHSA-M4V8-WQVR-P9F7...
PT-2024-2953
Name of the Vulnerable Software and Affected Versions WordPress versions prior to 6.4.3 WordPress versions 6.3.3, 6.2.4, 6.1.5, 6.0.7, 5.9.9, 5.8.9, 5.7.11, 5.6.13, 5.5.14, 5.4.15, 5.3.17, 5.2.20, 5.1.18, 5.0.21, 4.9.25, 2.8.24, 4.7.28, 4.6.28, 4.5.31, 4.4.32, 4.3.33, 4.2.37, and 4.1.40 Descripti...
DJI Mavic Security Vulnerability
DJI Mavic is a series of drones from Chinese company DJI. A security vulnerability exists in the DJI Mavic Mini 3 Pro that stems from the presence of an incorrect input validation issue that allows an attacker to craft malicious packets leading to a denial of service attack on the FTP service...
Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to denial of service due to nimbus-jose-jwt.
Summary nimbus-jose-jwt is used by IBM Sterling Connect:Direct for UNIX in file transfer. IBM Sterling Connect:Direct for UNIX is impacted by a vulnerability in nimbus-jose-jwt. IBM Sterling Connect:Direct for UNIX has upgraded nimbus-jose-jwt to version 9.37.3 to address the issues. Vulnerability...
PT-2024-21969 · D Link · D-Link Dir-3040
Name of the Vulnerable Software and Affected Versions: Dlink Dir-3040us A1 version 1.20b03a hotfix Description: The issue allows any user with read/write access to the ftp server to write directly to ram, causing a buffer overflow if the uploaded file or files exceed the available ram. The ftp...
PT-2024-2603 · Dji · Dji Mavic Mini 3 Pro
Name of the Vulnerable Software and Affected Versions: DJI Mavic Mini 3 Pro affected versions not specified Description: The issue is related to an Improper Input Validation vulnerability in the FTP service. It could allow an attacker to craft a malicious packet with a malformed path provided to...
IBM Sterling Secure Proxy Information Disclosure Vulnerability (CNVD-2024-14665)
IBM Sterling Secure Proxy is an application proxy from International Business Machines (IBM) that is used to ensure the secure transfer of files in an organization's unprotected zone (DMZ). An information disclosure vulnerability exists in IBM Sterling Secure Proxy versions 6.0.3 and 6.1.0, which...
IBM Sterling Secure Proxy Cross-Site Scripting Vulnerability (CNVD-2024-15368)
IBM Sterling Secure Proxy is an application proxy from International Business Machines (IBM) that is used to ensure the secure transfer of files in an organization's unprotected zone (DMZ). A cross-site scripting vulnerability exists in IBM Sterling Secure Proxy versions 6.0.3 and 6.1.0, which stems...
PT-2024-2575 · Cisco · Cisco Ios Xr
Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software affected versions not specified Description: A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system...
Fedora: Security Advisory for jsch (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the...
IBM Aspera Input Validation Error Vulnerability
IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from International Business Machines (IBM). An input validation error vulnerability exists in IBM Aspera Faspex versions 5.0.0 and 5.0.1, which stems from incorrect input validation of the HOST header a...
[SECURITY] Fedora 40 Update: jsch-0.1.55-16.fc40
JSch allows you to connect to an sshd server and use port forwarding, X11 forwarding, file transfer, etc., and you can integrate its functionality into your own Java programs...
IBM Sterling Connect:Express for UNIX Buffer Overflow Vulnerability
IBM Sterling Connect:Express for UNIX is a file transfer solution for the UNIX platform from International Business Machines (IBM). A buffer overflow vulnerability exists in IBM Sterling Connect:Express for UNIX version 1.5.0, which originates from the program's failure to properly validate the...
Moukthar - Android Remote Administration Tool
Remote administration tool for Android. Features: Notifications listener, SMS listener, Phone call recording, Image capturing and screenshots, Persistence, Read & write contacts, List installed applications, Download & upload files, Get device location. Installation: Clone repository: git clone...
RKS - A Script To Automate Keystrokes Through A Graphical Desktop Program
A script to automate keystrokes through an active remote desktop session that assists offensive operators in combination with living off the land techniques. About RKS (RemoteKeyStrokes): All credit goes to nopernik for making it possible, so I took it upon myself to improve it. I wanted something...
A vulnerability in the File Transfer Protocol (FTP) implementation in the firmware of ZyXEL USG FLEX, USG FLEX 50(W)/USG20(W)-VPN, USG FLEX H, and ATP network devices allows an attacker to execute arbitrary commands.
The vulnerability in the File Transfer Protocol (FTP) implementation in the firmware of network devices such as ZyXEL USG FLEX, USG FLEX 50(W)/USG20(W)-VPN, USG FLEX H, and ATP lies in the lack of measures to neutralize special elements used in operating system commands during the loading of binary...
Design/Logic Flaw
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 247621...
BackDoorSim - An Educational Into Remote Administration Tools
BackdoorSim is a remote administration and monitoring tool designed for educational and testing purposes. It consists of two main components: ControlServer and BackdoorClient. The server controls the client, allowing for various operations like file transfer, system monitoring, and more. Disclaim...
The vulnerability of the FTP intrusion detection module of Cisco Firepower Threat Defense (FTD) allows a hacker to bypass existing security restrictions.
The vulnerability of the FTP intrusion detection module of Cisco Firepower Threat Defense (FTD) is related to insufficient detection or processing of adverse input disturbances. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions remotely...
PT-2024-18078 · Ipswitch · Ws Ftp Server
Name of the Vulnerable Software and Affected Versions: WS FTP Server versions prior to 8.8.5 Description: Reflected cross-site scripting issues have been identified on various user-supplied inputs on the WS FTP Server administrative interface. Recommendations: For WS FTP Server versions prior to...