SolarWinds Serv-U FTP Server Access Control Error Vulnerability
SolarWinds Serv-U FTP Server is a suite of FTP and MFT file transfer software from the US-based SolarWinds Corporation. An access control error vulnerability exists in versions of SolarWinds Serv-U FTP Server prior to 15.4 HF2, which stems from an attacker being able to bypass multi/two-factor...
PT-2023-4877 · Jscape · Jscape Mft Server
Name of the Vulnerable Software and Affected Versions: JSCAPE MFT Server versions prior to 2023.1.9. Description: The issue is related to unsafe deserialization in the JSCAPE MFT Server, which allows an attacker to execute arbitrary Java code, including OS commands, via its management interface...
mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0...
Advisory ROSA-SA-2023-2230
Software: rsync 3.1.3; OS: ROSA Virtualization 2.1; packageevrstring: rsync-3.1.3.src.rpm; CVE-ID: CVE-2018-25032; BDU-ID: 2022-01641; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could...
CVE-2023-4019
The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin, which may allow users with author+ privileges to move files around, like wp-config.php, which may lead to RCE in some cases...
CVE-2023-3489
The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS...
Brocade Fabric OS Security Vulnerability
Brocade Fabric OS (FOS) is a set of embedded operating systems used in devices such as switches and routers from Brocade USA. A security vulnerability exists in Brocade Fabric OS version v9.2.0, which stems from the fact that when performing a downgrade from Fabric OS v9.2.0 to any earlier version ...
The vulnerability of the file transfer protocol implementation of the Cisco NX-OS operating system for Cisco Nexus series 3000 and 9000 switches allows a perpetrator to upload or overwrite arbitrary files.
The vulnerability of the file transfer protocol implementation of the Cisco NX-OS operating system for Cisco Nexus series 3000 and 9000 switches is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to upload or re-write any files as desired...
CVE-2023-40708
The File Transfer Protocol (FTP) port is open by default in the SNAP PAC S1 Firmware version R10.3b. This could allow an adversary to access some device files...
Design/Logic Flaw
The File Transfer Protocol (FTP) port is open by default in the SNAP PAC S1 Firmware version R10.3b. This could allow an adversary to access some device files...
PT-2023-27606 · Opto 22 · Snap Pac S1 Firmware
Name of the Vulnerable Software and Affected Versions: SNAP PAC S1 Firmware version R10.3b. Description: The File Transfer Protocol (FTP) port is open by default, which could allow an adversary to access some device files. Recommendations: For SNAP PAC S1 Firmware version R10.3b, consider disabling...
CVE-2023-20115
A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device. This vulnerability is d...
USN-6304-1: Inetutils vulnerabilities
It was discovered that telnetd in GNU Inetutils incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-39028) It was discovered that Inetutils incorrectly handled certain inputs. An...
CVE Number Withdrawn
dnsmasq is a lightweight DNS forwarding and DHCP and TFTP server written in C. It can be used as a server to forward DNS, DHCP, and TFTP. This CVE number has been withdrawn...
vsftpd Security Vulnerability
vsftpd is an FTP (File Transfer Protocol) server for Unix-like systems. A security vulnerability exists in vsftpd version 3.0.3, which originated from allowing an attacker to cause a denial of service due to a limited number of allowed connections...
GNU Inetutils Security Vulnerability
GNU Inetutils is a collection of network tools from the GNU Project that contains common network management programs such as traceroute, hostname, ifconfig, and others. The toolset is mainly used for functions such as network diagnostics, configuration and system information query. An elevation o...
IBM Sterling Connect:Direct Encryption Issue Vulnerability
IBM Sterling Connect:Direct is a file-based, peer-to-peer file transfer solution from International Business Machines (IBM). IBM Sterling Connect:Direct suffers from an encryption issue vulnerability that stems from the use of weak encryption algorithms, which could be exploited by an attacker to...
SolarWinds Serv-U FTP Server Access Control Error Vulnerability
SolarWinds Serv-U FTP Server is a suite of FTP and MFT file transfer software from the U.S. company SolarWinds. An access control error vulnerability exists in SolarWinds Serv-U FTP Server version 15.4, which can be exploited by an attacker to bypass multi-factor/two-factor authentication...
Moderate: Red Hat Security Advisory: curl security update
An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
The vulnerability of the SFTP (Secure File Transfer Protocol) implementation in the BioTime time management web platform allows a violator to write arbitrary files.
The vulnerability of the SFTP (Secure File Transfer Protocol) implementation in the BioTime time-off management web platform is related to errors in processing the relative path to the directory. Exploiting this vulnerability allows a remote attacker to write arbitrary files...