CVE-2020-9411 TIBCO Managed File Transfer Platform Server for IBM i Authentication Bypass
The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows an attacker to perform unauthorized network file transfers to and from the file system accessible to the affected component. This...
TIBCO Security Advisory: June 9, 2020 - TIBCO Managed File Transfer Platform Server for IBM i
TIBCO Managed File Transfer Platform Server for IBM i Authentication Bypass. Original release date: June 9, 2020. Last revised: ---. CVE-2020-9411. Source: TIBCO Software Inc. ...
Codeorigin Sysax Multi Server Path Traversal Vulnerability
Codeorigin Sysax Multi Server is an FTP File Transfer Protocol server and Shell server for Windows from Codeorigin USA. A path traversal vulnerability exists in Codeorigin Sysax Multi Server version 6.90. The vulnerability stems from a failure of a network system or product to properly filter...
The vulnerability of the FTP service (default ports 21/tcp and 5411/tcp), which is used by the SiNVR 3 video server, allows a hacker to gain access to protected information.
The vulnerability of the FTP service (default ports 21/tcp and 5411/tcp) of the SiNVR 3 video server is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor to gain access to protected information...
Konica Minolta FTP Utility 'NLST' Denial of Service Vulnerability
Konica Minolta FTP Utility is software used by Konica Minolta copiers. A denial of service vulnerability exists in Konica Minolta FTP Utility 'NLST'. An attacker can exploit the vulnerability to overwrite certain registers such as EAX, ESI, EDI... to crash the FTP server and overwrite certain...
Konica Minolta FTP Utility 'LIST' Denial of Service Vulnerability
Konica Minolta FTP Utility is software used by Konica Minolta copiers. A denial of service vulnerability exists in Konica Minolta FTP Utility 'LIST'. An attacker can exploit the vulnerability to overwrite certain registers such as EAX, ESI, EDI... to crash the FTP server and overwrite certain...
The vulnerability of the VNC Server component of the remote desktop management software UltraVNC, which is part of the monitoring, control, and remote maintenance module for the commercial cold production equipment of TelevisGo, allows a perpetrator to execute arbitrary code.
The vulnerability of the VNC Server component of the remote desktop management software UltraVNC, which is part of the monitoring, control, and remote maintenance module for the commercial cold production system TelevisGo, is related to a buffer overflow in the request-to-file transfer handler...
CVE-2019-20801
An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control. Any web site can execute JavaScript code that accesses a user's data via...
Cross site scripting
An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server improperly displays directory names, leading to Stored XSS, which may be used to steal a user's data. This requires user interaction because there is no known direct way for an...
CVE-2020-7455
In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-STABLE before r360973, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, the FTP packet handler in libalias incorrectly calculates some packet length allowing disclosure of small amounts of kernel for kernel NAT or natd process...
Linux: SSH Subsystem
Subsystem: Configures an external subsystem (e.g. file transfer daemon). Arguments should be a subsystem name and a command (with optional arguments) to execute upon subsystem request. The command sftp-server implements the...
Accellion File Transfer Appliance Operating System Command Injection Vulnerability
Accellion File Transfer Appliance is a file transfer appliance from Accellion, USA. The product supports sharing and synchronizing files online using AES 128/256, among other things. A command injection vulnerability exists in Accellion File Transfer Appliance version FTA80540. The vulnerability...
Accellion File Transfer Appliance Trust Management Issues Vulnerability
Accellion File Transfer Appliance is a file transfer appliance from Accellion, USA. The product supports sharing and synchronizing files online using AES 128/256, among other things. A trust management issue vulnerability exists in the Accellion File Transfer Appliance version FTA80540. The...
CVE-2019-5623
Accellion File Transfer Appliance version FTA80540 suffers from an instance of CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')...
CVE-2019-5622
Accellion File Transfer Appliance version FTA80540 suffers from an instance of CWE-798: Use of Hard-coded Credentials...
Hardcoded credentials
Accellion File Transfer Appliance version FTA80540 suffers from an instance of CWE-798: Use of Hard-coded Credentials...
Command injection
Accellion File Transfer Appliance version FTA80540 suffers from an instance of CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')...
CVE-2019-5623
CVE-2019-5623 affects Accellion File Transfer Appliance, specifically FTA_8_0_540, with a command injection flaw (CWE-77) arising from improper neutralization of input in the construction of executable commands. The vulnerability is network-exposed and could allow an attacker to execute commands ...