3492 matches found
Trusting FTP PASV responses vulnerability in Net::FTP
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise...
SolarWinds Serv-U FTP and Managed File Transfer CVE-2021-35211: What You Need to Know
On July 12, 2021, SolarWinds confirmed an actively exploited zero-day vulnerability, CVE-2021-35211, in the Serv-U FTP and Managed File Transfer component of SolarWinds 15.2.3 HF1 released May 5, 2021 and all prior versions. Successful exploitation of CVE-2021-35211 could enable an attacker to gai...
Vulnerability of the ftpd/popen component of the ftpd service on FreeBSD and OpenBSD operating systems, allowing attackers to cause service failures.
The vulnerability of the ftpd/popen component of the ftpd service in FreeBSD and OpenBSD is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
CVE-2021-33540
In certain devices of the Phoenix Contact AXL F BK and IL BK product families an undocumented password protected FTP access to the root directory exists...
DEBIAN-CVE-2021-24002
When a user clicked on an FTP URL containing encoded newline characters %0A and %0D, the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...
Synology DiskStation Manager Use-After-Free Vulnerability (CNVD-2021-45739)
DiskStation Manager (DSM) is an operating system that runs on all Synology NAS devices and can be operated through an intuitive web interface. A use-after-free vulnerability exists in the File Transfer Protocol component in Synology DiskStation Manager versions prior to 6.2.3-25426-3. A remote attacker...
CVE-2021-27649
Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors...
Design/Logic Flaw
Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors...
CVE-2021-27649
CVE-2021-27649 affects Synology DiskStation Manager (DSM) via a use-after-free in the DSM File Transfer Protocol component. The vulnerability allows remote code execution on DSM versions prior to 6.2.3-25426-3. Evidence from multiple sources (NVD, CNVD, Tenable OT/OSS plugin references, OpenVAS e...
Synology DiskStation Manager Resource Management Error Vulnerability
DiskStation Manager (DSM) is an operating system that runs on all Synology NAS devices and can be operated through an intuitive web interface. A use-after-free vulnerability exists in the File Transfer Protocol component in Synology DiskStation Manager versions prior to 6.2.3-25426-3. A remote attacker...
PT-2021-17581 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager (DSM) versions prior to 6.2.3-25426-3. Description: The issue is related to a use after free vulnerability in the file transfer protocol component. This allows remote attackers to execute arbitrary code via unspecifi...
Exploitation of Accellion File Transfer Appliance
Summary: This joint advisory is the result of a collaborative effort by the cybersecurity authorities of Australia, New Zealand, Singapore, the United Kingdom, and the United States. These authorities are aware of cyber actors exploiting vulnerabilities in Accellion File Transfer Appliance...
curl: FTP PASV command response can cause curl to connect to arbitrary host
A malicious server can use the PASV response to trick curl into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. If cu...
curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used
libcurl offers a wildcard matching functionality, which allows a callback set with CURLOPT_CHUNK_BGN_FUNCTION to return information back to libcurl on how to handle a specific entry in a directory when libcurl iterates over a list of all available entries. When this callback returns...
Ukrainian Police Nab Six Tied to CLOP Ransomware
Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group, a cybercriminal gang said to have extorted more than half a billion dollars from victims. Some of CLOP's victims this year alone include Stanford University Medical School, the University of...
Raonwiz DEXT5 has an unspecified vulnerability
Raonwiz DEXT5 is an HTML5-based file transfer solution from Raonwiz Korea. The product supports encrypted file transfer, form building and other features. A security vulnerability exists in versions prior to Raonwiz DEXT5 Editor 3.5.1405747.1100.03, which can be exploited by attackers to...