3490 matches found

Kitploit
added 2019/12/22 2:53 p.m. · 96 views

BetterBackdoor - A Backdoor With A Multitude Of Features

A backdoor is a tool used to gain remote access to a machine. Typically, backdoor utilities such as NetCat have 2 main functions: to pipe remote input into cmd or bash and output the response. This is useful, but it is also limited. BetterBackdoor overcomes these limitations by including the...

7.8 AI score
Exploits 0 · References 1

Fedora
added 2019/12/18 1:56 a.m. · 30 views

[SECURITY] Fedora 31 Update: libssh-0.9.3-1.fc31

The ssh library was designed to be used by programmers needing a working SSH implementation by means of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

9.3 CVSS · 3.6 AI score · 0.03174 EPSS
Exploits 0

OSV
added 2019/12/17 11:15 p.m. · 2 views

CVE-2019-18257

In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple stack-based buffer overflow vulnerabilities exist in the file transfer service listening on the TCP port. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code with the privileges of the use...

9.8 CVSS · 8 AI score · 0.02768 EPSS
Exploits 0 · References 1

OSV
added 2019/12/16 9:15 p.m. · 2 views

CVE-2019-13181

A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7...

6.5 CVSS · 6.6 AI score · 0.03233 EPSS
Exploits 2 · References 3

OSV
added 2019/12/13 11:15 p.m. · 1 views

CVE-2019-5255

Certain Huawei products (AP2000; IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; S5700; SVN5600; SVN5800; SVN5800-C; SeMG9811; Secospace AntiDDoS8000; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG6000V; eSpace U1981) have a DoS vulnerability. An attacker may send crafted messages from an FTP clie...

5.5 CVSS · 6.1 AI score · 0.00199 EPSS
Exploits 0 · References 1

Carbon Black Blog
added 2019/12/13 4:20 p.m. · 77 views

Threat Analysis Unit (TAU) Threat Intelligence Notification: BlackRemote RAT

BlackRemote is a relatively new commodity RAT discovered in September 2019. Similar to other Remote Access Trojans, it offers typical functionality such as keylogging, remote desktop, file transfer, credential harvesting, and more. Despite the discovery of this RAT being caught early, and while t...

0.8 AI score
Exploits 0

OSV
added 2019/12/13 6:15 a.m. · 1 views

CVE-2019-19782

The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long EHLO response from an FTP server...

9.8 CVSS · 7.6 AI score · 0.03153 EPSS
Exploits 1 · References 2

BDU FSTEC
added 2019/12/13 12:0 a.m. · 2 views

The vulnerability of the FTP protocol implementation that supports Kerberos authentication, as provided by the libcurl library, relates to the reallocation of memory. This vulnerability allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the FTP protocol implementation that supports Kerberos authentication, when using the libcurl library, is related to a memory reclamation error. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service...

9.8 CVSS · 6.3 AI score · 0.07266 EPSS
Exploits 0 · References 14 · Affected Software 5

OSV
added 2019/12/12 7:15 p.m. · 1 views

CVE-2019-18342

A vulnerability has been identified in Control Center Server CCS (all versions prior to V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server CCS does not properly limit its capabilities to the specified purpose. In conjunction with CVE-2019-18341, an unauthenticated remote attacker wit...

9.9 CVSS · 6.7 AI score · 0.02126 EPSS
Exploits 0 · References 2

Positive Technologies
added 2019/12/12 12:0 a.m. · 4 views

PT-2019-15360 · Bosch · Control Center Server

Name of the Vulnerable Software and Affected Versions: Control Center Server CCS versions prior to V1.5.0 Description: A vulnerability has been identified in the SFTP service of the Control Center Server, which contains an authentication bypass issue. This allows a remote attacker with network...

5.3 CVSS · 6.3 AI score · 0.01618 EPSS
Exploits 0 · References 4

Positive Technologies
added 2019/12/12 12:0 a.m. · 2 views

PT-2019-15361 · Unknown · Control Center Server

Name of the Vulnerable Software and Affected Versions: Control Center Server CCS versions prior to V1.5.0 Description: A vulnerability has been identified in the SFTP service of the Control Center Server, which does not properly limit its capabilities. This could allow an unauthenticated remote...

9.9 CVSS · 9.3 AI score · 0.02126 EPSS
Exploits 0 · References 4

BDU FSTEC
added 2019/12/11 12:0 a.m. · 3 views

The vulnerability of the FTP server of the EKRA 200 series micro-processor terminal allows a hacker to gain access to arbitrary data in the file system.

The vulnerability of the FTP server of the EKRA 200 series micro-processor terminals is related to security flaws in their mechanisms. Exploiting this vulnerability allows a malicious actor to gain access to arbitrary files on the file system using the RETR command...

7.8 CVSS · 5.6 AI score
Exploits 0 · Affected Software 1

BDU FSTEC
added 2019/12/10 12:0 a.m. · 2 views

The vulnerability of the tftp_receive_packet function in the libcurl library, related to buffer overflow in memory, allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the tftp_receive_packet function in the libcurl library is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity, and cause service failures...

9.8 CVSS · 6.7 AI score · 0.17939 EPSS
Exploits 0 · References 18 · Affected Software 13

NVD
added 2019/11/29 8:15 p.m. · 21 views

CVE-2019-5211

The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management vulnerability. The attacker tricks the victim to perform certain operations on the mobile phone during file transfer. Because the file is not properly processed, successfully...

5.7 CVSS · 5.6 AI score · 0.00301 EPSS
Exploits 0 · References 1

Prion
added 2019/11/29 8:15 p.m. · 19 views

Design/Logic Flaw

The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management vulnerability. The attacker tricks the victim to perform certain operations on the mobile phone during file transfer. Because the file is not properly processed, successfully...

4.3 CVSS · 5.6 AI score · 0.00301 EPSS
Exploits 0 · References 1 · Affected Software 1

Check Point Advisories
added 2019/11/26 12:0 a.m. · 2 views

libVNC File Transfer Extension Heap-based Buffer Overflow (CVE-2018-15127)

A heap-based buffer overflow vulnerability has been reported in libVNC. The vulnerability is due to improper validation of the file transfer request by the File Transfer extension. Successful exploitation may result in remote code execution on the target server...

7.5 CVSS · 4.7 AI score · 0.15089 EPSS
Exploits 0

BDU FSTEC
added 2019/11/25 12:0 a.m. · 2 views

The vulnerability of Modicon microprogrammed controllers lies in the lack of version checking for installed software updates. This allows a malicious individual to download an unpatched version of the installed software via FTP, thereby causing a service failure.

The vulnerability of Modicon microprogrammed controllers lies in the lack of verification of the version of the embedded software updates. Exploiting this vulnerability allows a malicious actor to download an unsupported version of the embedded software via FTP protocol, thereby causing service...

6.8 CVSS · 5.6 AI score · 0.00959 EPSS
Exploits 0 · References 4

BDU FSTEC
added 2019/11/25 12:0 a.m. · 3 views

The vulnerability of Modicon microprogrammed controllers relates to the transmission of confidential information in open text using the FTP protocol, allowing an intruder to disclose the protected information.

The vulnerability of Modicon microprogrammed controllers relates to the transmission of confidential information in open text using the FTP protocol. Exploiting this vulnerability can allow a remote attacker to disclose the protected information...

7.1 CVSS · 6.5 AI score · 0.00981 EPSS
Exploits 0 · References 4

BDU FSTEC
added 2019/11/25 12:0 a.m. · 3 views

The vulnerability of Modicon microprogrammed controllers lies in the lack of checks for the integrity of updates to the embedded software. This allows a malicious actor to download the updated embedded software with an empty file via FTP protocol, thereby causing a service failure.

The vulnerability of Modicon microprogrammed controllers lies in the lack of checks for the integrity of updates to the embedded software. Exploiting this vulnerability allows a malicious actor to download the embedded software update with an empty file via FTP protocol, thereby causing service...

6.8 CVSS · 5.6 AI score · 0.00959 EPSS
Exploits 0 · References 4

BDU FSTEC
added 2019/11/25 12:0 a.m. · 3 views

The vulnerability of Modicon microprogrammed controllers lies in the lack of checks for the integrity of updates to the embedded software. This allows a malicious entity to download the update without the presence of the software via FTP protocol, thereby causing service failure.

The vulnerability of Modicon microprogrammed controllers lies in the lack of checks for the integrity of updates to the embedded software. Exploiting this vulnerability allows a malicious actor to download updates to the embedded software without any interaction with the software via FTP protocol...

6.8 CVSS · 5.6 AI score · 0.24374 EPSS
Exploits 0 · References 4