3498 matches found
CVE-2019-10249
All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised...
CVE-2022-29332
D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An attacker could use the "../../../../" setting of the FTP server folder to set the router's root folder for FTP access. This allows you to access the entire router file system via the FTP server...
GHSA-M6H2-634H-JCPJ Designate mDNS DoS through incorrect handling of large RecordSets
Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted resource record s...
GHSA-X9FV-C87W-55WC Improper Control of Generation of Code in Apache Camel
Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple" in a CamelFileName message header to a (1) FILE or (2) FTP producer...
CVE-2021-27771
User SID can be modified resulting in an Arbitrary File Upload or deletion of directories causing a Denial of Service. When interacting in a normal manner with the Sametime chat application, users hold a cookie containing their session ID (SID). This value is also used when sending chat messages,...
CVE-2021-27771 HCL Sametime is susceptible to a file transfer service vulnerability
User SID can be modified resulting in an Arbitrary File Upload or deletion of directories causing a Denial of Service. When interacting in a normal manner with the Sametime chat application, users hold a cookie containing their session ID (SID). This value is also used when sending chat messages,...
CVE-2021-27771
CVE-2021-27771 affects HCL Sametime (version 11.6 per CNVD) where an attacker can modify the user SID stored in cookies to trigger arbitrary file upload or deletion of directories, leading to a Denial of Service. The vulnerability arises from SID handling within the Sametime chat/file transfer fl...
ZTE ZXMP M721 Permission and Access Control Vulnerability
The ZTE ZXMP M721 is a metro edge OTN (Optical Transport Network) device from ZTE Corporation (ZTE) in China. The ZTE ZXMP M721 has a privilege and access control vulnerability, which stems from the fact that the folder privilege viewed by sftp is 666, which is inconsistent with the actual privilege,...
CVE-2022-29932
The HTTP Server in PRIMEUR SPAZIO 2.5.1.954 File Transfer allows an unauthenticated attacker to obtain sensitive data related to the content of transferred files via a crafted HTTP request...
CVE-2022-29932
The CVE-2022-29932 entry affects PRIMEUR SPAZIO 2.5.1.954 (File Transfer). The HTTP Server component allows an unauthenticated attacker to obtain sensitive data related to the content of transferred files through a crafted HTTP request. This is the explicit vulnerability described in CVE records ...
CVE-2022-20113
In mPreference of DefaultUsbConfigurationPreferenceController.java, there is a possible way to enable file transfer mode due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
Code injection
In mPreference of DefaultUsbConfigurationPreferenceController.java, there is a possible way to enable file transfer mode due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2022-20113
CVE-2022-20113 affects Android 12/12L via a logic error in mPreference of DefaultUsbConfigurationPreferenceController.java that could enable file transfer mode, enabling local elevation of privilege with no extra execution privileges and no user interaction required. Documented impact is high (CV...
CVE-2022-22774
The DOM XML parser and SAX XML parser components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Internet Server, and TIBCO Managed File Transfer Internet Server contain an easily exploitable vulnerabili...
XXE
The DOM XML parser and SAX XML parser components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Internet Server, and TIBCO Managed File Transfer Internet Server contain an easily exploitable vulnerabili...
python: ftplib should not use the host from the PASV response
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecti...