Security Bulletin: IBM WebSphere MQ File Transfer Edition Web Gateway vulnerable to CSRF attack (CVE-2012-3294)
Abstract A low risk security vulnerability in the "Web Gateway" component of IBM WebSphere MQ File Transfer Edition and WebSphere MQ - Managed File Transfer may be susceptible to a Cross Site Request Forgery attack. Content CVE ID: CVE-2012-3294 DESCRIPTION: When using the web gateway, an...
Security Bulletin: IBM WebSphere MQ File Transfer Edition Web Gateway insufficient access control (CVE-2012-2206)
Abstract A low risk security vulnerability in the "Web Gateway" component of IBM WebSphere MQ File Transfer Edition may result in authenticated users being able to access other users' file transfers. Content CVE ID: CVE-2012-2206 DESCRIPTION: When using the web gateway, an authenticated user is...
openssh bug fix update
An update is available for openssh. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNI...
PT-2022-6339 · Unknown · Mklogic-500
Name of the Vulnerable Software and Affected Versions: MKLogic-500 affected versions not specified Description: The issue is related to insufficient control of parameters used in the configuration of programmable logic controllers, which is set up via FTP. This could allow a remote attacker to...
CVE-2022-23767
This vulnerability of SecureGate is SQL-Injection using login without password. A path traversal vulnerability is also identified during file transfer. An attacker can take advantage of these vulnerabilities to perform various attacks such as obtaining privileges and executing remote code, thereb...
Path traversal
This vulnerability of SecureGate is SQL-Injection using login without password. A path traversal vulnerability is also identified during file transfer. An attacker can take advantage of these vulnerabilities to perform various attacks such as obtaining privileges and executing remote code, thereb...
CVE-2022-23767 SecureGate authentication bypass vulnerability
This vulnerability of SecureGate is SQL-Injection using login without password. A path traversal vulnerability is also identified during file transfer. An attacker can take advantage of these vulnerabilities to perform various attacks such as obtaining privileges and executing remote code, thereb...
CVE-2022-23767
The CVE-2022-23767 entry concerns SecureGate with two identified weaknesses: a SQL injection via login without a password and a path traversal during file transfer. Across connected sources, the vulnerabilities affect SecureGate/WebLink implementations (e.g., SecureGate version 3.x in several rep...
HANSSAK SecureGate and WebLink SQL Injection Vulnerability
HANSSAK SecureGate and HANSSAK WebLink are both products of HANSSAK Corporation of South Korea. HANSSAK SecureGate is a solution that provides the highest level of security for inter-network data transfer services in separated network environments. HANSSAK WebLink is a web linking software. A...
AirDisk 7.5.5 Cross Site Scripting
Exploit Title: AirDisk 7.5.5 File Manager Stored XSS Date: Sep 8, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://apps.apple.com/us/developer/felix-yew/id505904424 Software Link: https://apps.apple.com/us/app/airdisk-file-manager/id566530748 Version: 7.5.5 Tested on: iPhone ios 15.6 ...
AirDisk 7.5.5 Cross Site Scripting Vulnerability
Exploit Title: AirDisk 7.5.5 File Manager Stored XSS Exploit Author: Chokri Hammedi Vendor Homepage: https://apps.apple.com/us/developer/felix-yew/id505904424 Software Link: https://apps.apple.com/us/app/airdisk-file-manager/id566530748 Version: 7.5.5 Tested on: iPhone ios 15.6 1/ Starting the...
PT-2022-28282 · Unknown · Moment-Timezone
Name of the Vulnerable Software and Affected Versions: moment-timezone versions prior to 0.5.35 Description: The issue arises when using grunt data or grunt release to prepare a custom build of moment-timezone with the latest tzdata from IANA's website. If an attacker intercepts the request to...
curl: FTP-KRB bad message verification
A vulnerability was found in curl. This issue occurs because it mishandles message verification failures when curl does FTP transfers secured by krb5. This flaw makes it possible for a Man-in-the-middle attack to go unnoticed and allows data injection into the client...
DEBIAN-CVE-2021-4189
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecti...
USN-5342-2 python2.7 vulnerabilities
USN-5342-1 fixed several vulnerabilities in Python. This update provides the corresponding update for Ubuntu 14.04 ESM, Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. Original advisory details: It was discovered that Python incorrectly handled certain FTP requests. An attacker could possibly use this iss...
CVE-2022-30264
The CVE-2022-30264 issue affects Emerson ROC and FloBoss RTU lines (through 2022-05-02) where the ROC protocol on 4000/5000 TCP uses Opcode 203 to transfer files to/from flash, enabling arbitrary file read/write/delete. This constitutes insecure filesystem operations with high impact (confidentia...
USN-5160-1 mc vulnerability
It was discovered that Midnight Commander would not check server fingerprints when establishing an SFTP connection. If a remote attacker were able to intercept communications this flaw could be exploited to impersonate the SFTP server...
PT-2022-23713 · Ipswitch · Ws Ftp Server
Name of the Vulnerable Software and Affected Versions: WS FTP Server versions prior to 8.7.3 Description: The administrative web interface of WS FTP Server contains multiple reflected cross-site scripting (XSS) vulnerabilities. A remote attacker can inject arbitrary JavaScript into a WS FTP...