3496 matches found

Prion
added 2022/07/26 11:15 p.m. · 24 views

Default credentials

The Motorola ACE1000 RTU through 2022-05-02 has default credentials. It exposes an SSH interface on port 22/TCP. This interface is used for remote maintenance and for SFTP file-transfer operations that are part of engineering software functionality. Access to this interface is controlled by 5...

7.5 CVSS · 9.4 AI score · 0.00734 EPSS
Exploits 0 · References 2
Cvelist
added 2022/07/26 10:11 p.m. · 20 views

CVE-2022-30270

The Motorola ACE1000 RTU through 2022-05-02 has default credentials. It exposes an SSH interface on port 22/TCP. This interface is used for remote maintenance and for SFTP file-transfer operations that are part of engineering software functionality. Access to this interface is controlled by 5...

9.7 AI score · 0.00734 EPSS
Exploits 0 · References 2
CNNVD
added 2022/07/25 12:0 a.m. · 4 views

WAVLINK WiFi-Repeater Security Vulnerability

WAVLINK WiFi-Repeater is a WiFi range extender from China RuiYin Technology WAVLINK. A security vulnerability exists in WAVLINK WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 version. An attacker exploited the vulnerability to obtain the telnet password by accessing the tftp.txt page...

5.7 CVSS · 6 AI score · 0.00606 EPSS
Exploits 1 · References 3
ATTACKERKB
added 2022/07/21 4:15 p.m. · 1 views

CVE-2022-28861

The server in Citilog 8.0 allows an attacker in a man-in-the-middle position between the server and its smart camera Axis M1125 to see FTP credentials in cleartext HTTP traffic. These can be used for FTP access to the server...

5.9 CVSS · 6.2 AI score · 0.00404 EPSS
Exploits 0 · References 4
Positive Technologies
added 2022/07/21 12:0 a.m. · 7 views

PT-2022-19268 · Axis · Axis M1125

Name of the Vulnerable Software and Affected Versions: Citilog version 8.0 Description: The server in Citilog allows an attacker, in a man-in-the-middle position between the server and its smart camera Axis M1125, to see FTP credentials in cleartext HTTP traffic. These credentials can be used for...

5.9 CVSS · 5.5 AI score · 0.00404 EPSS
Exploits 0 · References 6
NCSC
added 2022/07/20 12:0 a.m. · 14 views

Vulnerabilities fixed in Oracle Fusion Middleware

Oracle has fixed vulnerabilities in the following Fusion Middleware products: BI Publisher, Business Intelligence Enterprise Edition, Coherence, Global Lifecycle Management NextGen OUI Framework, HTTP Server, Managed File Transfer, Middleware Common Libraries and Tools, Security Service, SOA Suite...

9.8 CVSS · 8.5 AI score · 0.99677 EPSS
Exploits 124
OSV
added 2022/07/07 1:15 p.m. · 1 views

DEBIAN-CVE-2022-32208

When curl 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client...

5.9 CVSS · 7 AI score · 0.05595 EPSS
Exploits 1 · References 1
curl security advisories
added 2022/06/27 8:0 a.m. · 8 views

FTP-KRB bad message verification

When curl does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client...

5.9 CVSS · 7.1 AI score · 0.05595 EPSS
Exploits 1 · References 1 · Affected Software 2
OSV
added 2022/06/27 12:0 a.m. · 0 views

UBUNTU-CVE-2022-32208

When curl 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client...

5.9 CVSS · 6.8 AI score · 0.05595 EPSS
Exploits 1 · References 5
ATTACKERKB
added 2022/06/13 10:15 p.m. · 1 views

CVE-2022-32278

XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server...

8.8 CVSS · 5.9 AI score · 0.015 EPSS
Exploits 0 · References 6
ATTACKERKB
added 2022/06/07 9:15 p.m. · 1 views

CVE-2022-29620

FileZilla v3.59.0 allows attackers to obtain cleartext passwords of connected SSH or FTP servers via a memory dump. NOTE: the vendor does not consider this a vulnerability...

6.5 CVSS · 5.9 AI score · 0.01689 EPSS
Exploits 1 · References 4
CNVD
added 2022/05/26 12:0 a.m. · 22 views

IBM Aspera Access Control Error Vulnerability

IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from the U.S. IBM Aspera Faspex versions 4.4.1 and 5.0.0 have an access control error vulnerability that stems from a miscalculated security token, which could be exploited by an attacker for...

7.5 CVSS · 4.8 AI score · 0.01105 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2022/05/26 12:0 a.m. · 4 views

The vulnerability of microprogrammed software in Schneider Electric’s programmable logic controllers such as Modicon M340, Modicon Quantum, and Modicon Premium arises from buffer overflows in the stack, allowing attackers to execute arbitrary commands.

The vulnerability of microprogrammed software in Schneider Electric’s programmable logic controllers such as Modicon M340, Modicon Quantum, and Modicon Premium arises due to buffer overflow in the stack. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely by...

9 CVSS · 8.2 AI score · 0.01087 EPSS
Exploits 0 · References 4 · Affected Software 2
Talos
added 2022/05/25 12:0 a.m. · 22 views

Open Automation Software Platform Engine SecureAddSecurity external config control vulnerability

Summary: An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of...

7.5 CVSS · 7.9 AI score · 0.01208 EPSS
Exploits 1
OSV
added 2022/05/24 4:45 p.m. · 16 views

GHSA-RFJ2-4G26-7JW5 Potentially compromised builds

All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised...

8.1 CVSS · 8.2 AI score · 0.00645 EPSS
Exploits 1 · References 4
Github Security Blog
added 2022/05/24 4:45 p.m. · 18 views

Potentially compromised builds

All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised...

8.1 CVSS · 1.3 AI score · 0.00645 EPSS
Exploits 1 · References 5 · Affected Software 2
Fedora
added 2022/05/24 1:41 a.m. · 44 views

[SECURITY] Fedora 34 Update: curl-7.76.1-16.fc34

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

8.1 CVSS · 7.8 AI score · 0.03425 EPSS
Exploits 5
Trellix
added 2022/05/23 12:0 a.m. · 9 views

Utilizing the Adaptive Defense Model Against Information Stealers

Trellix Global Defenders: Utilizing the Adaptive Defense Model Against Information Stealers By Taylor Mullins · May 23, 2022 Trellix is continuing to observe the continued growth in usage and general availability of Information Stealers that have the functionality to collect passwords, cookies,...

0.2 AI score
Exploits 0
RedhatCVE
added 2022/05/20 11:19 p.m. · 27 views

CVE-2019-10249

All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised...

8.1 CVSS · 0.8 AI score · 0.00645 EPSS
Exploits 1 · References 1
OSV
added 2022/05/17 2:15 p.m. · 2 views

CVE-2022-29332

D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An attacker could use the "../../../../" setting of the FTP server folder to set the router's root folder for FTP access. This allows you to access the entire router file system via the FTP server...

6.5 CVSS · 6.6 AI score · 0.01359 EPSS
Exploits 1 · References 1