3498 matches found
The vulnerability of the FTP server function of microprogrammed logic controllers MELSEC RJ71EIP91, SW1DNN-EIPCT-BD, FX5-ENET/IP, SW1DNN-EIPCTFX5-BD allows an intruder to gain unauthorized access to protected information.
The vulnerability of the FTP server functions of microprogrammed logic controllers such as MELSEC RJ71EIP91, SW1DNN-EIPCT-BD, FX5-ENET/IP, and SW1DNN-EIPCTFX5-BD is related to the use of fixed password encoding. Exploiting this vulnerability can allow an intruder to gain unauthorized access to...
Cl0p ransomware gang claims first victims of the MOVEit vulnerability
On Friday June 2, 2023 we reported about a MOVEit Transfer vulnerability that was actively being exploited. If your organization uses MOVEit Transfer and you haven't patched yet, it really is time to move it. Excuse the bad pun, but yesterday we saw the first victims of this vulnerability come...
IBM Aspera Cargo and IBM Aspera Connect Information Disclosure Vulnerability
IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from International Business Machines (IBM). An information disclosure vulnerability exists in IBM Aspera Cargo and IBM Aspera Connect, which can be exploited by attackers to cause unauthorized...
MOVEit Transfer Under Attack: Zero-Day Vulnerability Actively Being Exploited
A critical flaw in Progress Software's MOVEit Transfer managed file transfer application has come under widespread exploitation in the wild to take over vulnerable systems. The shortcoming, which is assigned the CVE identifier CVE-2023-34362, relates to a severe SQL injection vulnerability tha...
Mitsubishi Electric MELSEC Trust Management Issue Vulnerability
The Mitsubishi Electric MELSEC iQ-R series and the Mitsubishi Electric MELSEC iQ-F series are both programmable logic controllers from Mitsubishi Electric Japan. A security vulnerability exists in the Mitsubishi Electric MELSEC that stems from the use of hard-coded passwords. An attacker could...
PT-2023-2998 · Mitsubishi · Melsec Iq-R Series Ethernet/Ip Module Rj71Eip91 +1
Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 affected versions not specified Mitsubishi Electric Corporation MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP affected versions not specified Description: The...
PT-2023-3766 · Mitsubishi · Melsec Iq-F Series Ethernet/Ip Module Fx5-Enet/Ip +1
Name of the Vulnerable Software and Affected Versions: MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 affected versions not specified MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP affected versions not specified Description: The issue is related to an unrestricted upload of files with...
PT-2023-3007 · Mitsubishi · Melsec Iq-F Series Ethernet/Ip Module Fx5-Enet/Ip +1
Name of the Vulnerable Software and Affected Versions: MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 affected versions not specified MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP affected versions not specified Description: The issue is related to the use of hard-coded passwords in the FTP...
PT-2023-3094 · Mitsubishi · Melsec Iq-R Series Ethernet/Ip Module Rj71Eip91 +3
Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP Description: The issue is related to...
[SECURITY] Fedora 37 Update: libssh-0.10.5-1.fc37
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...
WFTPD Security Vulnerability
WFTPD is an FTP service. A security vulnerability exists in WFTPD version 3.25 that stems from username and password hashes stored in a publicly viewable wftpd.ini configuration file in the WFTPD directory...
MobileTrans 4.0.11 Weak Service Permissions Vulnerability
Vendor Name: MobileTrans Product Name: MobileTrans Vendor Home Page: https://mobiletrans.wondershare.com/ Affected Versions: MobileTrans version 4.0.11 Vulnerability Type: Weak Service Permissions CWE-276 CVE Reference: CVE-2023-31748 Security Researcher: Thurein Soe Vulnerability description:...
China's Mustang Panda Hackers Exploit TP-Link Routers for Persistent Attacks
The Chinese nation-state actor known as Mustang Panda has been linked to a new set of sophisticated and targeted attacks aimed at European foreign affairs entities since January 2023. An analysis of these intrusions, per Check Point researchers Itay Cohen and Radoslaw Madej, has revealed a custom...
curl: FTP too eager connection reuse
A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic...
kernel: Linux kernel: Denial of Service due to memory allocation failure in vhost/vsock
A flaw was found in the Linux kernel's vhost/vsock component. A local user could trigger a memory allocation failure when copying large files over sftp (SSH File Transfer Protocol) over vsock (virtual socket). This issue occurs because the kernel's kmalloc function fails to allocate sufficient memory...
[SECURITY] Fedora 38 Update: libssh-0.10.5-1.fc38
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...
CVE-2023-1834
Rockwell Automation was made aware that Kinetix 5500 drives, manufactured between May 2022 and January 2023, and are running v7.13 may have the telnet and FTP ports open by default. This could potentially allow attackers unauthorized access to the device through the open ports...
Weston Embedded uC-FTPs Buffer Error Vulnerability
Weston Embedded uC-FTPs is a Micrium FTP (File Transfer Protocol) server from Weston Embedded. A security vulnerability exists in Weston Embedded uC-FTPs v 1.98.00, which stems from an out-of-bounds read vulnerability that could allow an attacker to send specially crafted network packets resulting ...
PT-2023-22483 · Genesys · Genesys Cic Polycom Phone Provisioning Tftp Server
Name of the Vulnerable Software and Affected Versions: Genesys CIC Polycom phone provisioning TFTP Server affected versions not specified Description: An issue was found that allows a remote attacker to execute arbitrary code via the login credentials to the TFTP server configuration page...
Weston Embedded uC-FTPs Buffer Error Vulnerability
Weston Embedded uC-FTPs is a Micrium FTP (File Transfer Protocol) server from Weston Embedded. A security vulnerability exists in Weston Embedded uC-FTPs v 1.98.00, which stems from an out-of-bounds read vulnerability that could allow an attacker to send specially crafted network packets resulting ...