Drag and then drop files between a Citrix session and a local endpoint
Citrix now supports dragging and then dropping files between a Citrix session and a local endpoint. You can drag and then drop files, groups of files, directories, groups of directories, or a combination of files and directories to and from the same client on the session. This ability applies to ...
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
...
ALPINE-CVE-2020-8284
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service...
DEBIAN-CVE-2020-8284
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service...
ALPINE-CVE-2020-8285
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing...
DEBIAN-CVE-2020-8285
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing...
CVE-2020-5949
On BIG-IP versions 14.0.0-14.0.1 and 13.1.0-13.1.3.4, a certain traffic pattern sent to a virtual server configured with an FTP profile can cause the FTP channel to break...
CVE-2020-28220
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (all versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (all versions), that could cause a buffer overflow when the length of a file transferred to the...
CVE-2020-7549
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP...
Schneider Electric Modicon M340 Code Issue Vulnerability
The Schneider Electric Modicon M340 is a mid-range PLC (programmable logic controller) for industrial processes and infrastructure from Schneider Electric, France. A code issue vulnerability exists in the Schneider Electric Modicon M340, which can be exploited by an attacker to compile a request to...
PT-2020-19625
Name of the Vulnerable Software and Affected Versions: Modicon M340 (affected versions not specified); Modicon Quantum (affected versions not specified); Modicon Premium (affected versions not specified). Description: A vulnerability exists in the Web Server of the affected device...
Serious Vulnerabilities in Dualog Connection Suite
TL;DR: The flaws found in this maritime comms and connection suite were many, and not insignificant: directory traversal; 2FA challenge/response is performed in a client-side application; default install password; SQL injection; user data leakage; easily brute forcible password hashes. Introduction: Duri...
JVN#12884935: FileZen vulnerable to directory traversal
FileZen provided by Soliton Systems K.K. is an appliance for secure file transfer and sharing by mail or a web interface. FileZen contains a directory traversal vulnerability (CWE-22). Impact: A remote attacker may upload an arbitrary file in the specific directory in the product. If a specialy...
USN-4665-2 curl vulnerabilities
USN-4665-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV responses. An attacker could possibly use this issue to tric...
trusting FTP PASV responses
When curl performs a passive FTP transfer, it first tries the EPSV command and if that is not supported, it falls back to using PASV. Passive mode is what curl uses by default. A server response to a PASV command includes the IPv4 address and port number for the client to connect back to in order...
FTP wildcard stack overflow
libcurl offers a wildcard matching functionality, which allows a callback set with CURLOPT_CHUNK_BGN_FUNCTION to return information back to libcurl on how to handle a specific entry in a directory when libcurl iterates over a list of all available entries. When this callback returns...
HAXX libcurl security vulnerability
HAXX libcurl is a free, open source client-side URL transport library from the Swedish company HAXX. The library supports FTP, FTPS, TFTP, HTTP and more. A security vulnerability exists in HAXX libcurl, which can be exploited by an attacker to trigger a denial of service by triggering a fata...
HAXX libcurl Information Disclosure Vulnerability
HAXX libcurl is a free, open source client-side URL transport library from the Swedish company HAXX. The library supports FTP, FTPS, TFTP, HTTP and more. An information disclosure vulnerability exists in Haxx curl FTP PASV responses, which can be exploited by an attacker to bypass access...
SUSE SLED15 / SLES15 Security Update : spice-vdagent (SUSE-SU-2020:3268-1)
This update for spice-vdagent fixes the following issues: Security issues fixed: CVE-2020-25650: Fixed a memory DoS via arbitrary entries in active_xfers hash table (bsc#1177780). CVE-2020-25651: Fixed a possible file transfer DoS and information leak via active_xfers hash map (bsc#1177781)...
CLSA-2020-1608724009 Fix of CVE: CVE-2020-8284
trusting FTP PASV responses CVE-2020-8284...