PT-2020-4700 · Cisco · Cisco Ftd +1
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense (FTD) Software (affected versions not specified); Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified). Description: The issue is related to inadequate access control in the FTP inspection...
CVE-2020-12504
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT all versions and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an acti...
IBM WebSphere MQ 8.0.0.x < 8.0.0.7 / 9.0.0.x < 9.0.0.2 / 9.0.x < 9.0.4 Multiple Vulnerabilities
According to its self-reported version, the IBM WebSphere MQ server installed on the remote Windows host is version 8.0.0.x prior to 8.0.0.7, 9.0.x prior to 9.0.4 or 9.0.0.x prior to 9.0.0.2. It is, therefore, affected by multiple vulnerabilities: - A denial of service vulnerability. An...
CVE-2020-25636
A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service...
squid: Information Disclosure issue in FTP Gateway
A flaw was found in squid. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes...
Qiata FTA 1.70.19 Cross Site Scripting
Advisory ID: SYSS-2020-024. Product: Qiata FTA. Manufacturer: Secudos GmbH. Affected Versions: ' by flipping the direction of the special character. Also, quotation marks are escaped properly. An attacker can use the behavior to construct a malicious...
curl: heap buffer overflow in function tftp_receive_packet()
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3...
httpd: mod_proxy_ftp use of uninitialized value
A flaw was found in Apache's HTTP server (httpd). The mod_proxy_ftp module may use uninitialized memory when proxying to a malicious FTP server. The highest threat from this vulnerability is to data confidentiality...
Fedora: Security Advisory for libssh (FEDORA-2020-ac3e29073f)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 33 Update: libssh-0.9.5-1.fc33
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...
Ingenico Telium 2 POS Hardcoding Vulnerability
Ingenico Telium 2 POS is a cash register system. An FTP hard-coding vulnerability exists in Ingenico Telium 2 POS, which can be exploited by remote attackers to submit a special request for unauthorized access to FTP services...
CVE-2018-17771
Ingenico Telium 2 POS terminals have hardcoded FTP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N...
@zpmc/zwd-server (>=0.0.14 <=0.0.21) potentially affected by unknown CVE via ftp-srv (=4.1.0)
ftp-srv NPM version =4.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on ftp-srv and may be impacted: - @zpmc/zwd-server >=0.0.14, <=0.0.21. Source CVEs: unknown CVE. Source advisory: OSV:GHSA-R4M5-47CQ-6QG8...
CVE-2020-24056
A hardcoded credentials vulnerability exists in Verint 5620PTZ VerintFW042, Verint 4320 V4320FW023, V4320FW031, and Verint S5120FD VerintFW042 units. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols...
CVE-2019-20150
In TreasuryXpress 19191105, a logged-in user can discover saved credentials, even though the UI hides them. Using functionality within the application and a malicious host, it is possible to force the application to expose saved SSH/SFTP credentials. This can be done by using the application's...
[SECURITY] Fedora 32 Update: mingw-curl-7.71.1-1.fc32
cURL is a tool for getting files from HTTP, FTP, FILE, LDAP, LDAPS, DICT, TELNET and TFTP servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. cURL offers many useful capabilities, like proxy support, user authentication, F...
vulscan
This is a Python-based web application for vulnerability scanning and management. Here's a summary of the key features and functionality: Overview The application is built using Django, a Python web framework, and is designed to provide a user-friendly interface for vulnerability scanning and...
Cisco SD-WAN vEdge 5000 Series Routers and SD-WAN vEdge Cloud Router Denial of Service Vulnerability
Cisco SD-WAN vEdge 5000 Series Routers are Cisco's SD-WAN solution routing devices. A denial-of-service vulnerability in the deep packet inspection (DPI) engine in Cisco SD-WAN vEdge 5000 Series Routers and SD-WAN vEdge Cloud Router, which stems from the program's failure to properly handle FTP...
CVE-2020-10288
IRC5 exposes an FTP server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn't empty it will be accepted...
XXE
In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences...