3492 matches found

Citrix
added 2021/02/04 12:0 a.m. | 5 views

Unable to copy files from sessions to local Mac device using clipboard virtual channel

Clipboard virtual channel does not support copying a file or a folder from a session to your local device and vice versa...

AI score 6.8
Exploits 0
OSV
added 2021/02/03 5:15 p.m. | 2 views

CVE-2021-25276

In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files that include users' password hashes that is world readable and writable. An unprivileged Windows user having access to the server's filesystem can add an FTP user by copying a valid profile file to thi...

CVSS 7.1 | AI score 5.9
Exploits 0 | References 1
BDU FSTEC
added 2021/02/02 12:0 a.m. | 1 views

The vulnerability of the FTP protocol implementation on the StarOS operating system on Cisco ASR 5000 routers allows a hacker to gain unauthorized access to protected information.

The vulnerability of the FTP SFTP protocol implementation on the StarOS operating system of Cisco ASR 5000 routers is related to errors in link processing. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information from a remote location...

CVSS 6.8 | AI score 6.5 | EPSS 0.01273
Exploits 0 | References 2 | Affected Software 1
Japan Vulnerability Notes
added 2021/01/27 9:31 a.m. | 3 views

OS command injection vulnerability in multiple Infoscience Corporation log management tools

Overview: Infoscience Corporation's multiple log management tools provide an FTP upload function as one of the log collection methods, and can be set to allow the administrators to accept FTP uploads. In a situation where the FTP upload function is enabled and there is a flaw of input value...

CVSS 9 | AI score 7.1 | EPSS 0.02156
Exploits 0 | References 5
Packet Storm
added 2021/01/26 12:0 a.m. | 274 views

Backdoor.Win32.Wollf.c Hardcoded Backdoor Password

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/91c02a95839a76a5d2e335cded7112a9.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.c Vulnerability: Hardcoded Backdoor Password Description: The backdoor creates ...

AI score 0.6
Exploits 0
Tenable Nessus
added 2021/01/22 12:0 a.m. | 68 views

Oracle Business Process Management Suite (Jan 2021 CPU)

The version of Oracle Business Process Management Suite installed on the remote host is affected by the following vulnerabilities as referenced in the January 2021 CPU advisory: - An XML External Entity (XXE) vulnerability exists in the dom4j library which allows DTDs and external entities by...

CVSS 9.8 | AI score 7.3 | EPSS 0.94774
Exploits 5 | References 5
Exploit DB
added 2021/01/18 12:0 a.m. | 398 views

Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated)

Exploit Title: Inteno IOPSYS 3.16.4 - root filesystem access via sambashare Authenticated Date: 2020-03-29 Exploit Author: Henrik Pedersen Vendor Homepage: https://intenogroup.com/ Version: Iopsys -p -k Requires: impacket websocket-client On Windows: pyreadline """ def ubusAuthhost, username,...

CVSS 9 | AI score 1.1 | EPSS 0.11075
Exploits 5
OSV
added 2021/01/13 10:15 p.m. | 1 views

CVE-2021-1145

A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbitrary files on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the affected device. The...

CVSS 6.5 | AI score 6.6
Exploits 0 | References 1
OSV
added 2020/12/30 12:15 a.m. | 1 views

CVE-2020-35801

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. A TFTP server was found to be active by default. It allows remote authenticated users to...

CVSS 7.3 | AI score 7.1
Exploits 0 | References 2
CNNVD
added 2020/12/30 12:0 a.m. | 3 views

Teamamaze Amazefilemanager Security Vulnerability

Teamamaze Amazefilemanager is a file manager application from Teamamaze team for Android devices. A security vulnerability exists in the Teamamaze Amazefilemanager application prior to version 3.4.2, which stems from an intent to control an FTP server that is not properly restricted...

CVSS 9.8 | AI score 5.8 | EPSS 0.01704
Exploits 0 | References 4
Mageia
added 2020/12/29 11:57 a.m. | 40 views

Updated spice-vdagent package fixes security vulnerabilities

Matthias Gerstner discovered that SPICE vdagent incorrectly handled the activexfers hash table. A local attacker could possibly use this issue to cause SPICE vdagent to consume memory, resulting in a denial of service (CVE-2020-25650). Matthias Gerstner discovered that SPICE vdagent incorrectly...

CVSS 6.4 | AI score 2.6 | EPSS 0.00478
Exploits 4 | References 3
OSV
added 2020/12/22 7:15 p.m. | 3 views

CVE-2020-24578

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU2.31V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and download sensitive files such as the password hash file...

CVSS 6.5 | AI score 5.8 | EPSS 0.01848
Exploits 1 | References 2
NCSC
added 2020/12/22 12:0 a.m. | 17 views

Serious vulnerabilities fixed in Dell Wyse ThinOS

Vulnerabilities have been fixed in Dell Wyse ThinOS. A malicious person with access to a local FTP server could exploit the vulnerabilities to obtain sensitive information. The malicious party, by accessing this information and the ability to modify configuration files, the entire system. Dell ha...

CVSS 10 | AI score 6.6 | EPSS 0.01848
Exploits 0
The Hacker News
added 2020/12/21 4:57 p.m. | 4 views

Two Critical Flaws — CVSS Score 10 — Affect Dell Wyse Thin Client Devices

A team of researchers today unveiled two critical security vulnerabilities in Dell Wyse Thin clients that could have potentially allowed attackers to remotely execute malicious code and access arbitrary files on affected devices. The flaws, which were uncovered by healthcare cybersecurity provide...

CVSS 10 | AI score 7.8 | EPSS 0.01848
Exploits 0
Fedora
added 2020/12/21 1:36 a.m. | 72 views

[SECURITY] Fedora 32 Update: curl-7.69.1-7.fc32

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

CVSS 7.5 | EPSS 0.09917
Exploits 2
OSV
added 2020/12/15 4:15 p.m. | 3 views

CVE-2020-0473

In updateIncomingFileConfirmNotification of BluetoothOppNotification.java, there is a possible permissions bypass. This could lead to local escalation of privilege allowing an attacker with physical possession of the device to transfer files to it over Bluetooth, with no additional execution...

CVSS 4.6 | AI score 6.1 | EPSS 0.00144
Exploits 0 | References 1
ATTACKERKB
added 2020/12/15 4:15 p.m. | 4 views

CVE-2020-0473

In updateIncomingFileConfirmNotification of BluetoothOppNotification.java, there is a possible permissions bypass. This could lead to local escalation of privilege allowing an attacker with physical possession of the device to transfer files to it over Bluetooth, with no additional execution...

CVSS 4.6 | AI score 5.5 | EPSS 0.00144
Exploits 0 | References 2
Prion
added 2020/12/15 4:15 p.m. | 15 views

Design/Logic Flaw

In updateIncomingFileConfirmNotification of BluetoothOppNotification.java, there is a possible permissions bypass. This could lead to local escalation of privilege allowing an attacker with physical possession of the device to transfer files to it over Bluetooth, with no additional execution...

CVSS 2.1 | AI score 4.9 | EPSS 0.00144
Exploits 0 | References 1 | Affected Software 1
CVE
added 2020/12/15 3:53 p.m. | 46 views

CVE-2020-0473

CVE-2020-0473 is an Android 11-related issue in Bluetooth: in updateIncomingFileConfirmNotification of BluetoothOppNotification.java, a permissions bypass could allow a local escalation of privilege. With physical possession of the device, an attacker could transfer files over Bluetooth without a...

CVSS 4.6 | AI score 5.6 | EPSS 0.00144
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2020/12/15 3:53 p.m. | 18 views

CVE-2020-0473

In updateIncomingFileConfirmNotification of BluetoothOppNotification.java, there is a possible permissions bypass. This could lead to local escalation of privilege allowing an attacker with physical possession of the device to transfer files to it over Bluetooth, with no additional execution...

AI score 6 | EPSS 0.00144
Exploits 0 | References 1