Weston Embedded uC-FTPs Buffer Error Vulnerability
Weston Embedded uC-FTPs is a Micrium FTP (File Transfer Protocol) server from Weston Embedded. A security vulnerability exists in Weston Embedded uC-FTPs v1.98.00, which stems from an out-of-bounds read vulnerability that could allow an attacker to send specially crafted network packets resulting ...
curl: FTP too eager connection reuse
A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic...
kernel: Linux kernel: Denial of Service due to memory allocation failure in vhost/vsock
A flaw was found in the Linux kernel's vhost/vsock component. A local user could trigger a memory allocation failure when copying large files over sftp (SSH File Transfer Protocol) over vsock (virtual socket). This issue occurs because the kernel's kmalloc function fails to allocate sufficient memory...
USN-6037-1 Apache Commons Net vulnerability
ZeddYu Lu discovered that the FTP client from Apache Commons Net trusted the host from PASV responses by default. A remote attacker with a malicious FTP server could redirect the client to another server, which could possibly result in leaked information about services running on the private...
CVE-2023-28089
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules...
CVE-2023-27105
A vulnerability in the Wi-Fi file transfer module of Shanling M5S Portable Music Player with Shanling MTouch OS v4.3 and Shanling M2X Portable Music Player with Shanling MTouch OS v3.3 allows attackers to arbitrarily read, delete, or modify any critical system files via directory traversal...
Directory traversal
A vulnerability in the Wi-Fi file transfer module of Shanling M5S Portable Music Player with Shanling MTouch OS v4.3 and Shanling M2X Portable Music Player with Shanling MTouch OS v3.3 allows attackers to arbitrarily read, delete, or modify any critical system files via directory traversal...
The vulnerability of the FTP service for operating system network storage devices like My Cloud OS allows a hacker to gain full access to the device and execute arbitrary code.
The vulnerability of the FTP service in operating system network storage devices like My Cloud OS is related to incorrect restrictions on the path to the restricted access directory. Exploiting this vulnerability could allow an attacker to gain full access to the device and execute arbitrary code...
Hewlett Packard Enterprise OneView Security Vulnerability
Hewlett Packard Enterprise OneView is a software from Hewlett Packard Enterprise that facilitates automated device management for IT departments. A security vulnerability exists in Hewlett Packard Enterprise OneView prior to version 8.2, which stems from a device dump that could expose the FTP...
CVE-2023-27105
CVE-2023-27105 affects Shanling M5S (MTouch OS v4.3) and Shanling M2X (MTouch OS v3.3). The Wi‑Fi file transfer module is vulnerable to directory traversal, allowing attackers to read, delete, or modify any critical system files. CVSS v3.1 score 9.8 (CRITICAL). Mitigation per PT Security guidance...
PT-2023-20956 · Shanling · Shanling M5S +2
Name of the Vulnerable Software and Affected Versions: Shanling M5S Portable Music Player with Shanling MTouch OS version 4.3; Shanling M2X Portable Music Player with Shanling MTouch OS version 3.3. Description: A vulnerability in the Wi-Fi file transfer module allows attackers to arbitrarily read,...
CLSA-2023-1682348615 curl: Fix of CVE-2023-27534
CVE-2023-27534: fix SFTP path '' resolving discrepancy - fix read off end of array for SCP home directory case...
CLSA-2023-1682348435 curl: Fix of CVE-2023-27534
CVE-2023-27534: fix SFTP path '' resolving discrepancy - fix resolving SCP relative path...
New All-in-One "EvilExtractor" Stealer for Windows Systems Surfaces on the Dark Web
A new "all-in-one" stealer malware named EvilExtractor (also spelled Evil Extractor) is being marketed for sale for other threat actors to steal data and files from Windows systems. "It includes several modules that all work via an FTP service," Fortinet FortiGuard Labs researcher Cara Lin said. "I...
CVE-2022-38125
Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager FTP Agent modules allows Exploiting Trust in Client...
PT-2023-13594 · Secomea · Secomea Sitemanager
Name of the Vulnerable Software and Affected Versions: Secomea SiteManager (affected versions not specified). Description: The issue is related to an Improper Restriction of Communication Channel to Intended Endpoints, which allows exploiting trust in the client. This is specifically concerning the...
CVE-2023-25552
A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauthorized functions when tampering the Device File Transfer settings on DCE endpoints. Affected products: StruxureWare Data Center Expert V7.9.2...