3497 matches found
ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host
Ruby's Net::FTP module trusted the IP address included in the FTP server's response to the PASV command. A malicious FTP server could use this to make Ruby applications using the Net::FTP module connect to arbitrary hosts and use this to perform port scanning or information extraction from...
CVE-2022-24110
Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. This is fixed in version 7.6 and later...
Python Code Issue Vulnerability
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. Proto is an open source, extensible program code template for creating objects. A code issue vulnerability exists i...
The vulnerability of the FTP server vsftpd, which stems from the lack of protection for transmitted data, allows attackers to carry out “man-in-the-middle” attacks.
The vulnerability of the FTP server vsftpd is related to the lack of protection for the data being transmitted. Exploiting this vulnerability allows a malicious actor to carry out a “man-in-the-middle” attack...
TeamViewer Information Disclosure Vulnerability (CNVD-2022-08218)
TeamViewer is a suite of software for remote control, desktop sharing and file transfer from the German company TeamViewer. TeamViewer suffers from an information disclosure vulnerability that stems from the software's lack of proper validation of user-supplied data, which could be exploited by a...
A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.
...
The vulnerability of the tftpd_file.c component of the client TFTP Atftp, related to copying buffers without checking input data, allows a perpetrator to cause a service failure.
The vulnerability of the tftpd_file.c component in the client TFTP/Atftp system is related to the copying of buffers without checking the input data. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...
CVE-2022-22989
My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the network. Addressed the vulnerability by adding defenses against stack overflow issues...
UBUNTU-CVE-2021-4189
A flaw was found in Python, specifically in the FTP File Transfer Protocol client library in PASV passive mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecti...
CVE-2021-20163
Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the ftp web page. Usernames and passwords for all ftp users are revealed in plaintext on the ftpserver.asp page...
CVE-2021-35031
A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device...
Lantronix PremierWave 2050 Path Traversal Vulnerability
The Lantronix PremierWave 2050 is an embedded enterprise Wi-Fi module from Lantronix, Inc. A security vulnerability exists in the Lantronix PremierWave 2050 due to a lack of effective restriction and filtering of directory access by the software-focused Web Manager FsTFtp feature. An attacker cou...
CVE-2021-42110
An issue was discovered in Allegro Windows formerly Popsy Windows before 3.3.4156.1. A standard user can escalate privileges to SYSTEM if the FTP module is installed, because of DLL hijacking...
Fortinet FortiOS Buffer Error Vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering, anti-spam and other security features. A security vulnerability exists i...
SolarWinds Serv-U FTP Server Cross-Site Request Forgery Vulnerability
SolarWinds Serv-U FTP Server is a suite of FTP and MFT file transfer software from SolarWinds, Inc. in the United States. A security vulnerability exists in Serv-U Server that stems from the Serv-U Server responding with a valid CSRFToken when a request contains only a Session...
Nanobrok - Web Service For Control And Protect Your Android Device Remotely
Web service written in Python to control and protect your Android device remotely. The official app can be found on the PlayStore: NanobrokPro Nanobrok Community Overview Nanobrok-Server is a powerful open-source web service to control and protect your Android device, written in Python, that allow and...
mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0...