3497 matches found
Security Bulletin: IBM MQ is affected by a vulnerability in Apache Commons Net (CVE-2021-37533)
Summary: IBM MQ Managed File Transfer is affected by a vulnerability in Apache Commons Net. Vulnerability Details: CVEID: CVE-2021-37533. DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with the FTP client trusting the host from PASV...
The vulnerability of the FTP server PLC MKLogic-500, related to improper access control, allows a hacker to trigger a service failure.
The vulnerability of the FTP server PLC MKLogic-500 is related to improper access control. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...
The vulnerability of the PLC MKLogic-500, related to insufficient control of FTP configuration parameters, allows a hacker to trigger a service failure.
The vulnerability of the MKLogic-500 PLC is related to insufficient control over the parameters used in the configuration of programmable logic controllers, which are set via FTP. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
CVE-2023-0053
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker could...
PT-2023-1684 · Mitsubishi · Melsec-Q Series +5
Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric Corporation MELSEC iQ-F Series versions all; Mitsubishi Electric Corporation MELSEC iQ-R Series versions all; Mitsubishi Electric Corporation MELSEC-Q Series versions all; Mitsubishi Electric Corporation MELSEC-L Series...
New EX-22 Tool Empowers Hackers with Stealthy Ransomware Attacks on Enterprises
A new post-exploitation framework called EXFILTRATOR-22 aka EX-22 has emerged in the wild with the goal of deploying ransomware within enterprise networks while flying under the radar. "It comes with a wide range of capabilities, making post-exploitation a cakewalk for anyone purchasing the tool,...
CVE-2021-22283 MMS File Transfer Vulnerability impact on Distribution Automation products
Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1...
[SECURITY] Fedora 36 Update: curl-7.82.0-13.fc36
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
Exploit for Deserialization of Untrusted Data in Fortra Goanywhere_Managed_File_Transfer
CVE-2023-0669 This Repo contains the packages and scr...
Fortra GoAnywhere Managed File Transfer (MFT) < 7.1.2 Pre-Authentication Command Injection (CVE-2023-0669)
According to its self-reported version, the instance of Fortra GoAnywhere Managed File Transfer MFT running on the remote web server is 7.1.2. It is, therefore, affected by a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary...
IBM Aspera Faspex Cross-Site Scripting Vulnerability
IBM Aspera is an IBM FASP protocol-based fast file transfer and streaming solution from International Business Machines IBM. IBM Aspera Faspex version 4.4.1 contains a cross-site scripting vulnerability, which stems from a cross-site scripting vulnerability that could be exploited by an attacker ...
IBM Aspera Faspex Deserialization Vulnerability
IBM Aspera is an IBM FASP protocol-based fast file transfer and streaming solution from International Business Machines IBM. IBM Aspera Faspex version 4.4.2 Patch Level 1 and prior versions contain a deserialization vulnerability that stems from a YAML deserialization flaw. An attacker could use...
ProLink PRS1841 Trust Management Issue Vulnerability
The ProLink PRS1841 is a router from ProLink Singapore. A security vulnerability exists in the Prolink PRS1841 that stems from the IT Telnet and FTP services containing hard-coded credentials...
[SECURITY] Fedora 37 Update: curl-7.85.0-6.fc37
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
CVE-2022-47986
IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. T...
Palantir Trust Management Issue Vulnerability
Palantir is a data platform from Palantir, Inc. that reimagines how people use data by removing the barriers between back-end data management and front-end data analysis. A security vulnerability exists in Palantir Magritte-ftp prior to version 9.466.0, which originates from a hostname in an...
SUSE CVE-2003-0254
Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket...
SUSE CVE-2005-0967
Gaim 1.2.0 allows remote attackers to cause a denial of service (application crash) via a malformed file transfer request to a Jabber user, which leads to an out-of-bounds read...
SUSE CVE-2006-4310
Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FTP response, when attempting to connect with a username and password via the FTP URI...