CVE-2022-46143

Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated data...

CVE-2022-38337

When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt which can result in a Denial of Service DoS for the user if services like fail2ban are used...

CVE-2022-38336

An access control issue in MobaXterm before v22.1 allows attackers to make connections to the server via the SSH or SFTP protocols without authentication...

Mobatek MobaXterm 信任管理问题漏洞

Mobatek MobaXterm is a suite of terminal software from the French company Mobatek that integrates an enhanced terminal, an X server and a Unix command set GNU/Cygwin. A security vulnerability exists in Mobatek MobaXterm versions prior to v22.1, which originates when aborting an SFTP connection,...

PT-2022-24374 · Mobaxterm · Mobaxterm

Name of the Vulnerable Software and Affected Versions: MobaXterm versions prior to 22.1 Description: An access control issue allows attackers to make connections to the server via the SSH or SFTP protocols without authentication. Recommendations: For versions prior to 22.1, update to version 22.1...

UBUNTU-CVE-2021-37533

Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about...

Apache Commons Net 输入验证错误漏洞

Apache Commons Net is the United States Apache Apache company a library. It implements many of the basic Internet Protocol clients. An input validation error vulnerability exists in Apache Commons Net versions prior to 3.9.0, which stems from the fact that the Net's FTP client trusts a host from ...

CVE-2022-2640

The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol FTP and Hypertext Transfer Protocol HTTP...

Horner Automation Remote Compact Controller 加密问题漏洞

The Horner Automation Remote Compact Controller Horner Automation RCC is a compact controller from Horner Automation, USA. A vulnerability exists in Horner Automation Remote Compact Controller 972 firmware version 15.40 due to an encryption issue in the configuration file using weak XOR encryptio...

PT-2022-25311 · Mitsubishi · Got2000 Series Gt23 +2

Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior Mitsubishi Electric GOT2000 Series GT23 model FTP server versions...

IOBit IOTransfer 代码问题漏洞

IOBit IOTransfer is an easy-to-use iOS file transfer tool, phone cleaner, and video downloader from IOBit. Easily transfer/synchronize/move/backup photos, music, videos, contacts and more. A security vulnerability exists in version V4 of IOBit IOTransfer, which stems from its unquoted service pat...

CVE-2022-42965

An exponential ReDoS Regular Expression Denial of Service can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the undocumented getfiletransfertype method...

Design/Logic Flaw

An exponential ReDoS Regular Expression Denial of Service can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the undocumented getfiletransfertype method...

WiFi File Transfer 1.0.8 Cross Site Scripting

Document Title: =============== WiFi File Transfer v1.0.8 - Cross Site Scripting Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2322 Release Date: ============= 2022-10-17 Vulnerability Laboratory ID VL-ID:...

CVE-2022-38371

A vulnerability has been identified in APOGEE MBC PPC BACnet All versions, APOGEE MBC PPC P2 Ethernet All versions, APOGEE MEC PPC BACnet All versions, APOGEE MEC PPC P2 Ethernet All versions, APOGEE PXC Compact BACnet All versions = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 =...

CVE-2022-38371

A vulnerability has been identified in APOGEE MBC PPC BACnet All versions, APOGEE MBC PPC P2 Ethernet All versions, APOGEE MEC PPC BACnet All versions, APOGEE MEC PPC P2 Ethernet All versions, APOGEE PXC Compact BACnet All versions = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 =...

PT-2022-24394 · Mentor Graphics +1 · Nucleus Net For Nucleus Plus V1 +17

Name of the Vulnerable Software and Affected Versions: APOGEE MBC PPC BACnet versions All APOGEE MBC PPC P2 Ethernet versions All APOGEE MEC PPC BACnet versions All APOGEE MEC PPC P2 Ethernet versions All APOGEE PXC Compact BACnet versions prior to V3.5.7 APOGEE PXC Compact P2 Ethernet versions...

Siemens Nucleus NET和Siemens Nucleus ReadyStart 资源管理错误漏洞

Siemens Nucleus NET and Siemens Nucleus ReadyStart are both products of Siemens AG, Germany. Siemens Nucleus NET is a Siemens Nucleus Network. Siemens Nucleus ReadyStart is a bundled solution. It is a bundled solution for accelerating the fast startup of complete systems and provides a rich set o...

Security Bulletin: IBM WebSphere MQ File Transfer Edition Web Gateway vulnerable to CSRF attack (CVE-2012-3294)

Abstract A low risk security vulnerability in the "Web Gateway" component of IBM WebSphere MQ File Transfer Edition and WebSphere MQ - Managed File Transfer may be susceptible to a Cross Site Request Forgery attack. Content CVE ID: CVE-2012-3294 DESCRIPTION: When using the web gateway, an...

Security Bulletin: IBM WebSphere MQ File Transfer Edition Web Gateway insufficient access control (CVE-2012-2206)

Abstract A low risk security vulnerability in the "Web Gateway" component of IBM WebSphere MQ File Transfer Edition may result in authenticated users being able to access other users' file transfers. Content CVE ID: CVE-2012-2206 DESCRIPTION: When using the web gateway, an authenticated user is...