Warning: Hackers Actively Exploiting Zero-Day in Fortra's GoAnywhere MFT
A zero-day vulnerability affecting Fortra's GoAnywhere MFT managed file transfer application is being actively exploited in the wild. Details of the flaw were first publicly shared by security reporter Brian Krebs on Mastodon. No public advisory has been published by Fortra. The vulnerability is ...
IBM MQ Managed File Transfer Security Vulnerability
IBM MQ (IBM WebSphere MQ) is a messaging middleware product from International Business Machines (IBM). The product focuses on providing a reliable and proven messaging backbone for Service Oriented Architecture (SOA). A security vulnerability exists in IBM MQ Managed File Transfer. An attacker could...
Security Bulletin: IBM MQ Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. (CVE-2022-42436)
Summary: An issue was identified with IBM MQ Managed File Transfer where sensitive information was printed within diagnostics files. Vulnerability Details: CVEID: CVE-2022-42436. DESCRIPTION: IBM MQ Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files...
PT-2023-19375 · Lightftp · Lightftp
Name of the Vulnerable Software and Affected Versions: LightFTP versions 1.0 through 2.2 LightFTP version 2.2 Description: A race condition in the software allows an attacker to achieve path traversal via a malformed FTP request. This occurs because a handler thread can use an overwritten...
New Backdoor Created Using Leaked CIA's Hive Malware Discovered in the Wild
Unidentified threat actors have deployed a new backdoor that borrows its features from the U.S. Central Intelligence Agency (CIA)'s Hive multi-platform malware suite, the source code of which was released by WikiLeaks in November 2017. "This is the first time we caught a variant of the CIA Hive...
Zyxel AX7501-B0 Link Following Vulnerability
The Zyxel AX7501-B0 is a router from China Heqin Zyxel. A security vulnerability exists in Zyxel AX7501-B0 versions prior to V5.17ABPC.3C0. An attacker could exploit the vulnerability to access the root filesystem by creating a symbolic link on an external storage medium e.g., a USB flash drive a...
PT-2023-15973 · Sauter · Sauter Controls Nova 200–220 Series
Name of the Vulnerable Software and Affected Versions: SAUTER Controls Nova 200–220 Series versions 3.3-006 and prior BACnetstac versions 4.2.1 and prior Description: The issue affects device management, where sensitive information such as credentials is sent in cleartext through FTP and Telnet...
The vulnerability of the Web Server software on Schneider Electric’s programmable logic controllers, such as Modicon M340, Modicon Quantum, and Modicon Premium, allows attackers to disclose sensitive information or cause malfunctions in the equipment.
The vulnerability of the Web Server component of Schneider Electric’s programmable logic controllers—Modicon M340, Modicon Quantum, and Modicon Premium—is due to buffer overflow attacks. Exploiting this vulnerability allows an attacker to disclose sensitive information or cause service failures b...
Sauter AG Controls Nova Security Vulnerability
Sauter AG Controls Nova is an intelligent building automation system from Sauter AG, Switzerland. A security vulnerability exists in Sauter AG Controls Nova 200-220 Series firmware version 3.3-006 and earlier and BACnetstac version 4.2.1 and earlier, which stems from the fact that only FTP and...
CVE-2022-46369
Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting (PXSS) vulnerability may allow inserting scripts into unspecified input fields...
CVE-2022-39187
Rumpus - FTP server version 9.0.7.1 has a Reflected cross-site scripting (RXSS) vulnerability through unspecified vectors...
Rumpus FTP Web File Manager Cross-Site Request Forgery Vulnerability
Rumpus FTP Web File Manager is a file transfer server. A security vulnerability exists in Rumpus FTP Web File Manager version 9.0.7.1, which originates from a vulnerability that could allow unauthorized operation on behalf of an authenticated user...
PT-2023-14601 · Siemens · Sinec Ins
Name of the Vulnerable Software and Affected Versions: SINEC INS versions prior to V1.0 SP2 Update 1 Description: A vulnerability has been identified that allows an authenticated remote attacker with access to the Web Based Management (443/tcp) and the SFTP server (22/tcp) to potentially read and wri...
FTP Security Vulnerability
FTP is a simple FTP client and server implementation by Rovin Bhandari, an individual developer. A security vulnerability in FTP version 96c1a35, which stems from the use of malloc instead of free, can be exploited by an attacker to cause a denial of service by engaging in client-side activity such ...
The vulnerability of the Huawei PCManager file transfer application lies in the incorrect limitation of the path name for the restricted access directory. This allows a perpetrator to move files along a specified path.
The vulnerability of the Huawei PCManager file transfer application lies in improper restrictions on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to transfer files through a specified path...
Restaurant platform SevenRooms confirms data breach
SevenRooms, a "guest experience and retention platform" for food establishments and hospitality organisations, has confirmed it has fallen victim to a third-party vendor data breach. Mostly known for its customer management platform, SevenRooms' breach came to light after stolen data was seen fo...
SolarWinds Serv-U FTP Server Authorization Issue Vulnerability
SolarWinds Serv-U FTP Server is a suite of FTP and MFT file transfer software from the U.S. company SolarWinds. SolarWinds Serv-U FTP Server suffers from an authorization issue vulnerability that stems from the deployment of a common encryption key across all of its instances resulting in an...
ROS-20221216-02
A vulnerability in the Rsync file transfer and synchronization utility is related to authorization errors. Exploitation of the vulnerability could allow an attacker acting remotely to write arbitrary files...
CVE-2022-46143
Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated data...