3490 matches found
USN-4129-2 curl vulnerability
USN-4129-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker could use this issue to crash curl, resultin...
Pyrdp - RDP Man-In-The-Middle And Library For Python3 With The Ability To Watch Connections Live Or After The Fact
PyRDP is a Python 3 Remote Desktop Protocol (RDP) Man-in-the-Middle (MITM) and library. It features a few tools: RDP Man-in-the-Middle: logs credentials used when connecting; steals data copied to the clipboard; saves a copy of the files transferred over the network; saves replays of connections so you c...
FTP-KRB double free
libcurl can be told to use kerberos over FTP to a server, as set with the CURLOPT_KRBLEVEL option. During such kerberos FTP data transfer, the server sends data to curl in blocks with the 32-bit size of each block first and then that amount of data immediately following. A malicious or broken serv...
TFTP small blocksize heap buffer overflow
libcurl contains a heap buffer overflow in the function tftp_receive_packet() that receives data from a TFTP server. It can call recvfrom() with the default size for the buffer rather than with the size that was used to allocate it. Thus, the content that might overwrite the heap memory is controlled b...
Core FTP Buffer Overflow Vulnerability (CNVD-2019-30906)
Core FTP is free FTP client software from the Core FTP community. The software supports file uploads, downloads, renewals and more. Core FTP suffers from a buffer overflow vulnerability that can be exploited by an attacker to cause a denial of service...
CVE-2019-11380
The master-password feature in the ES File Explorer File Manager application 4.2.0.1.3 for Android can be bypassed via a com.estrongs.android.pop.ftp.ESFtpShortcut intent, leading to remote FTP access to the entirety of local storage...
PT-2019-18227 · F5 · Big-Ip
Name of the Vulnerable Software and Affected Versions: BIG-IP versions 11.5.2 through 11.6.4 BIG-IP versions 12.1.0 through 12.1.4.1 BIG-IP versions 13.0.0 through 13.1.2 BIG-IP versions 14.0.0 through 14.1.0.5 Description: The issue occurs when FTP traffic passes through a Virtual Server with bo...
CVE-2019-12753
An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The maliciou...
CVE-2018-18371
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP serve...
CVE-2019-11246
CVE-2019-11246 : Kubernetes kubectl cp uses tar inside the container to create an archive, which kubectl unpacks on the user’s machine. If the container tar is malicious, it could run code and write files to the local filesystem, limited by the user’s permissions. Affected Kubernetes versions inc...
DEBIAN-CVE-2019-10055
An issue was discovered in Suricata 4.1.3. The function ftp_pasv_response lacks a check for the length of part1 and part2, leading to a crash within the ftp/mod.rs file...
CVE-2019-15497
Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box 9.2.3 through 11.1.4 and other products, has default credentials that allow remote attackers to access devices remotely via SSH, HTTP, HTTPS, and FTP...
CloudBees Jenkins FTP publisher Plugin Authorization Issues Vulnerability
CloudBees Jenkins (Hudson Labs) is a Java-based continuous integration tool developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. FTP publisher Plugin is used in one of...
cPanel Authorization Issues Vulnerability (CNVD-2019-29022)
cPanel is a Web-based automated colocation platform from US-based cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in versions prior to cPanel 55.9999.141. An attacker can exploit the vulnerability to bypass the...
Oracle Linux 8 : gvfs (ELSA-2019-1517)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-1517 advisory. - CVE-2019-3827: Prevent access if any authentication agent isn't available 1690470 Tenable has extracted the preceding description block directly from the Orac...
cPanel cross-site scripting vulnerability (CNVD-2019-28993)
cPanel is a Web-based automated colocation platform from US-based cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in the ftpsessions API in cPanel versions prior to 60.0.25. The vulnerability stems...
Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - Arbitrary File Download
Exploit Title: Joomla! component com_jssupportticket - Arbitrary File Download Dork: inurl:"index.php?option=com_jssupportticket" Date: 08.08.19 Exploit Author: qw3rTyTy Vendor Homepage: http://joomsky.com/ Software Link: https://www.joomsky.com/46/download/1.html Version: 1.1.5 Tested on:...
Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - Arbitrary File Download
Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - Arbitrary File Download Exploit Title: Joomla! component com_jssupportticket - Arbitrary File Download Dork: inurl:"index.php?option=com_jssupportticket" Date: 08.08.19 Exploit Author: qw3rTyTy Vendor Homepage:...
Joomla JS Support Ticket 1.1.5 Arbitrary File Download
Exploit Title: Joomla! component com_jssupportticket - Arbitrary File Download Dork: inurl:"index.php?option=com_jssupportticket" Date: 08.08.19 Exploit Author: qw3rTyTy Vendor Homepage: http://joomsky.com/ Software Link: https://www.joomsky.com/46/download/1.html Version: 1.1.5 Tested on:...
CVE-2019-14704
An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 via FTP commands following a newline character in the uploadfile field...