An FTP file transfer protocol vulnerability in the Firefox browser allows attackers to compromise data integrity.
The FTP file transfer protocol vulnerability in Firefox is related to an initialization error in the modal notification that can be triggered when the page is reloaded. Exploiting this vulnerability allows a remote attacker to compromise data integrity...
Node.js third-party modules: [dy-server2] - stored Cross-Site Scripting
I would like to report Stored XSS in dy-server2. It allows stealing session cookies, defacing the website, and executing arbitrary JavaScript code. Module module name: dy-server2 version: dy-server2 npm page: https://www.npmjs.com/package/dy-server2 Module Description This is a lightweight HTTP server that can be used for file transfer and front-end project preview. Module Stats...
Samsung SEND_FILE_WITH_HEADER Use-After-Free Exploit
Samsung suffers from a use-after-free vulnerability due to a missing lock in the SEND_FILE_WITH_HEADER handler in fmtpsamsung.c. Samsung: UAF via missing locking in SEND_FILE_WITH_HEADER handler in fmtpsamsung.c Tested on a Samsung A50 SM-A505FN, running build...
Rumpus FTP Server Web File Manager Cross-Site Request Forgery Vulnerability
Rumpus FTP Server is an Internet file transfer solution for the Mac platform. A cross-site request forgery vulnerability exists in the Create/Delete Account feature of Web File Manager in Rumpus FTP Server version 8.2.9.1. The vulnerability stems from the web application not adequately verifying...
Rumpus FTP Web File Manager Block Clients Component Cross-Site Request Forgery Vulnerability
Rumpus FTP Web File Manager is a file transfer server. A cross-site request forgery vulnerability exists in the Block Clients component of Web File Manager in Rumpus FTP version 8.2.9.1. The vulnerability stems from a web application that does not adequately validate that a request is coming from...
Squid Information Disclosure Vulnerability (CNVD-2020-05099)
Squid is a caching and forwarding HTTP web proxy. An information disclosure vulnerability exists in versions prior to Squid 4.10. An attacker can exploit this vulnerability to obtain sensitive information from heap memory via a specially crafted FTP server...
Rumpus FTP Web File Manager Cross-Site Request Forgery Vulnerability (CNVD-2020-04695)
Rumpus FTP Web File Manager is a file transfer server. A cross-site request forgery vulnerability exists in the Event Notification Settings feature of Web File Manager in Rumpus FTP version 8.2.9.1. The vulnerability stems from the web application not adequately verifying that requests are coming...
CVE-2019-19665
A CSRF vulnerability exists in the FTP Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server FTP settings at RAPR/FTPSettingsSet.html...
Bosch Video Management System Path Traversal Vulnerability
Bosch DIVAR IP 3000 is a 3000 series video recorder from Bosch Germany. A path traversal vulnerability in FileTransferService in the Bosch Video Management System, which arises from a failure of a networked system or product to properly filter special elements in the path of a resource or file, c...
Biscom Secure File Transfer (SFT) Remote Code Execution Vulnerability
Biscom Secure File Transfer SFT is a Web-based file transfer solution from Biscom Inc. in the United States. The program features file sharing, workspace creation and automatic file cleanup. A remote code execution vulnerability exists in Biscom Secure File Transfer SFT. An attacker could exploit...
CVE-2020-8796
Biscom Secure File Transfer SFT before 5.1.1071 and 6.0.1xxx before 6.0.1005 allows Remote Code Execution on the server...
Remote code execution
Biscom Secure File Transfer SFT before 5.1.1071 and 6.0.1xxx before 6.0.1005 allows Remote Code Execution on the server...
CVE-2020-6767
A path traversal vulnerability in the Bosch Video Management System BVMS FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects...
DEBIAN-CVE-2019-12528
An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes...
ALPINE-CVE-2019-12528
An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes...
UBUNTU-CVE-2019-12528
An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes...
Design/Logic Flaw
Biscom Secure File Transfer SFT 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference IDOR by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004...
CVE-2020-8503
Biscom Secure File Transfer SFT 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference IDOR by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004...