3492 matches found
CVE-2020-8503
The CVE-2020-8503 issue affects Biscom Secure File Transfer (SFT) versions 5.0.1050–5.1.1067 and 6.0.1000–6.0.1003. A vulnerability in the file-upload feature allows Insecure Direct Object Reference (IDOR) by an authenticated sender due to an error in how uploads are handled. The impact is descri...
curl: heap buffer overflow in function tftp_receive_packet()
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3...
curl: double free due to subsequent call of realloc()
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3...
CVE-2020-8001
The Intellian Aptus application 1.0.2 for Android has a hardcoded password of intellian for the masteruser FTP account...
thc-tips-tricks-hacks-cheat-sheet
THC's favourite Tips, Tricks & Hacks Cheat Sheet https://th...
Pachev FTP Server 1.0 Path Traversal
Exploit Title: Pachev FTP Server 1.0 - Path Traversal; Date: 2020-01-23; Vulnerability: Path Traversal; Exploit Author: 1F98D; Vendor Homepage: https://github.com/pachev/pachevftp ; from ftplib import FTP; ip = raw_input("Target IP: "); port = int(raw_input("Target Port: ")); ftp = FTP(); ftp.connect(host=ip, port=po...
Denial of Service Vulnerability in Quick Easy FTP Server (CNVD-2020-12894)
Quick Easy FTP Server is a small FTP server. A denial of service vulnerability exists in Quick Easy FTP Server. An attacker can exploit the vulnerability to cause a denial of service attack on the target server...
Denial of Service Vulnerability in Quick Easy FTP Server (CNVD-2020-12893)
Quick Easy FTP Server is a small FTP server. A denial of service vulnerability exists in Quick Easy FTP Server. An attacker can exploit the vulnerability to cause a denial of service...
Bftpd < 5.4 Multiple Vulnerabilities
Bftpd is prone to multiple vulnerabilities. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
CVE-2020-6835
An issue was discovered in Bftpd before 5.4. There is a heap-based off-by-one error during file-transfer error checking...
Heap overflow
An issue was discovered in Bftpd before 5.4. There is a heap-based off-by-one error during file-transfer error checking...
CVE-2020-6835
CVE-2020-6835 affects Bftpd before 5.4. The vulnerability is a heap-based off-by-one error during file-transfer error checking. The NVD entry lists CVSS v2 base 7.5 (high) and CVSS v3.1 base 9.8 (critical) with Network attack vector, no user interaction required. Red Hat and OpenVAS references re...
Barco WePresent file_transfer.cgi Command Injection
This module exploits an unauthenticated remote command injection vulnerability found in Barco WePresent and related OEM'ed products. The vulnerability is triggered via an HTTP POST request to the file_transfer.cgi endpoint. This module requires Metasploit: https://metasploit.com/download Current...
[SECURITY] Fedora 30 Update: libssh-0.9.3-1.fc30
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...
Pure-FTPd Denial of Service Vulnerability
Pure-FTPd is an FTP (File Transfer Protocol) server. A security vulnerability exists in the 'listdir' function of the ls.c file in Pure-FTPd version 1.0.49. An attacker can exploit this vulnerability to cause a denial of service (stack exhaustion)...
CVE-2019-9668
An issue was discovered in rovinbhandari FTP through 2012-03-28. receive_file in file_transfer_functions.c allows remote attackers to cause a denial of service (daemon crash) via a 0xffff datalen field value...
UltraVNC VNC Server Stack-based Buffer Overflow (CVE-2019-8276)
A stack-based buffer overflow vulnerability exists in the VNC Server of UltraVNC. This vulnerability is due to improper handling of a file transfer request from a client. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Open TFTP Server SP Formatting String Error Vulnerability
Open TFTP Server SP is a file transfer server. A format string vulnerability exists in the 'logMess' function in TFTP Server SP version 1.66 and earlier. The vulnerability originates from a network system or product that receives external formatted strings as parameters with lax filteri...
Open TFTP Server Formatting String Error Vulnerability
Open TFTP Server MT is a file transfer server. A format string vulnerability exists in the 'logMess' function in Open TFTP Server MT version 1.65 and earlier. The vulnerability stems from a network system or product that receives external formatted strings as parameters with lax filteri...