3492 matches found
Directory traversal
MX Player Android App versions prior to v1.24.5 are vulnerable to directory traversal when a user is using the MX Transfer feature in "Receive" mode. An attacker can exploit this by connecting to the MX Transfer session as a "sender" and sending a MessageType of "FILELIST" with a...
SolarWinds Serv-U FTP Server Input Validation Error Vulnerability
SolarWinds Serv-U FTP Server is a set of U.S. SolarWinds FTP and MFT file transfer software. A security vulnerability exists in SolarWinds Serv-U FTP Server versions prior to 15.2.1 that stems from the server not validating parameter paths. No details of the vulnerability are provided at this tim...
SolarWinds Serv-U FTP Server Code Injection Vulnerability
SolarWinds Serv-U FTP Server is a set of U.S. SolarWinds FTP and MFT file transfer software. A security vulnerability exists in SolarWinds Serv-U FTP Server versions prior to 15.2.1. A remote attacker can exploit the vulnerability to execute commands...
Unspecified Vulnerability in Monsta FTP
Monsta FTP is a lightweight file manager from Monsta New Zealand. It supports file transfer, file management and document editing. A security vulnerability exists in Monsta FTP 2.10.1 and earlier versions, which originates from an external user being able to control the paths used in file system...
Monsta FTP Server-Side Request Forgery Vulnerability
Monsta FTP is a lightweight file manager from Monsta New Zealand. It supports file transfer, file management and document editing. A server-side request forgery vulnerability exists in Monsta FTP 2.10.1 and earlier versions, which stems from the program's insufficient restriction of Web crawling...
CVE-2020-14056
Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. This allows attackers to read arbitrary local files and interact with arbitrary third-party services...
CVE-2020-5907
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an authorized user provided with access only to the TMOS Shell tmsh may be able to conduct arbitrary file read/writes via the built-in sftp functionality...
TIBCO Software Managed File Transfer Command Center and Internet Server Cross-Site Scripting Vulnerability
TIBCO Software Managed File Transfer Command Center and TIBCO Software Managed File Transfer Internet Server are both products of TIBCO Software, Inc. TIBCO Software Managed File Transfer Command Center is an enterprise file transfer management solution. TIBCO Software Managed File Transfer Comman...
TIBCO Software Managed File Transfer Command Center and Internet Server Cross-Site Scripting Vulnerability (CNVD-2021-39542)
TIBCO Software Managed File Transfer Command Center and TIBCO Software Managed File Transfer Internet Server are both products of TIBCO Software, Inc. TIBCO Software Managed File Transfer Command Center is an enterprise file transfer management solution. TIBCO Software Managed File Transfer Comman...
CVE-2020-9414
The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contains a vulnerability that theoretically allows an authenticated user with specific permissions to obtain the session identifier of another user...
CVE-2020-9413
The MFT Browser file transfer client and MFT Browser admin client components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contain a vulnerability that theoretically allows an attacker to craft an URL that will execute arbitrar...
Design/Logic Flaw
The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contains a vulnerability that theoretically allows an authenticated user with specific permissions to obtain the session identifier of another user...
Design/Logic Flaw
The MFT Browser file transfer client and MFT Browser admin client components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contain a vulnerability that theoretically allows an attacker to craft an URL that will execute arbitrar...
CVE-2020-9414 TIBCO Managed File Transfer reflected XSS vulnerability
The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contains a vulnerability that theoretically allows an authenticated user with specific permissions to obtain the session identifier of another user...
CVE-2020-9414
The connected CNVD entry confirms a cross-site scripting vulnerability in TIBCO Managed File Transfer Command Center and Internet Server (MFT admin service) affecting 8.2.1 and earlier. An authenticated user with specific permissions could exploit XSS to obtain another user’s session identifier, ...
CVE-2020-9413
CVE-2020-9413 affects TIBCO Managed File Transfer Command Center (CC) and Internet Server (IS) version 8.2.1 and earlier. The vulnerability resides in the MFT Browser file transfer and MFT Browser admin client components, allowing an attacker to craft a URL that, when visited by an authenti...
CVE-2020-9413 TIBCO Managed File Transfer reflected XSS vulnerability
The MFT Browser file transfer client and MFT Browser admin client components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contain a vulnerability that theoretically allows an attacker to craft an URL that will execute arbitrar...
CVE-2020-12043
The Baxter Spectrum WBM v17, v20D29, v20D30, v20D31, and v22D24 when configured for wireless networking the FTP service operating on the WBM remains operational until the WBM is rebooted...
CVE-2020-12047
The Baxter Spectrum WBM v17, v20D29, v20D30, v20D31, and v22D24, when used with a Baxter Spectrum v8.x model 35700BAX2 in a factory-default wireless configuration enables an FTP service with hard-coded credentials...