3490 matches found
The vulnerability in the firmware of the Modicon BMXNOR0200H RTU module arises from the presence of hard-coded authentication data. This allows an attacker to gain access to the FTP service.
The vulnerability in the firmware of the Modicon BMXNOR0200H RTU module is related to the presence of hard-coded authentication data. Exploiting this vulnerability could allow a malicious actor to gain access to the FTP service remotely...
SUSE-SU-2019:1524-1 Security update for openssh
This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed a character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers bsc1121816. -...
CVE-2019-0315
Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration versions: SAPXIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, SAPXITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 and SAPXIPCK 7.10 to 7.11, 7.20, 7.30 allows an attacker to access passwords used in FTP...
CVE-2019-0304
FTP Function of SAP NetWeaver AS ABAP Platform, versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inje...
Ipswitch WS_FTP Server Directory Traversal Vulnerability (CNVD-2019-24249)
Ipswitch WS_FTP Server is an FTP service program for Windows systems. A directory traversal vulnerability exists in SSHServerAPI.dll in Ipswitch WS_FTP Server versions prior to 2018 8.6.1. The vulnerability can be exploited by an attacker to obtain WS_FTP usernames and filenames via the SCP protocol...
VulnCheck KEV: CVE-2019-3929
Multiple Crestron products are vulnerable to command injection via the filetransfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root...
The vulnerability of the DHCP and TFTP services provided by the firmware of Cisco Small Business 300 Series routers allows an attacker to induce a service failure.
The vulnerability of DHCP and TFTP services provided by Cisco Small Business 300 Series routers is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures by sending specially crafted DHCP packets...
PT-2019-2563 · Abb · Panel Builder 600 +15
Name of the Vulnerable Software and Affected Versions: ABB CP620 versions 1SAP520100R0001 through 1SAP520100R4001; ABB CP620-WEB version 1SAP520200R0001; ABB CP630 version 1SAP530100R0001; ABB CP630-WEB version 1SAP530200R0001; ABB CP635 versions 1SAP535100R0001 through 1SAP535100R5001; ABB CP635-B...
Serv-U FTP Server Elevation of Privilege Vulnerability
Serv-U FTP Server is a set of FTP and MFT file transfer software. A security vulnerability exists in Serv-U FTP Server version 15.1.6.25. An attacker can exploit the vulnerability to bypass authentication and elevate privileges...
CVE-2019-10977
In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 serial number 20121 and prior, an attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter an error mode and cause a denial-of-service condition...
Design/Logic Flaw
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to improper data integrity check when sending files to the controller over Modbus...
PT-2019-2337 · Bmx · Bmxnor0200H
Name of the Vulnerable Software and Affected Versions: BMX-NOR-0200H versions prior to V1.7 IR 19. Description: A use of hardcoded credentials issue exists, which could cause a confidentiality issue when using the FTP protocol. This allows a remote attacker to gain access to the FTP service...
Fedora Update for filezilla FEDORA-2019-d109db9c8a
The remote host is missing an update for the...
Design/Logic Flaw
All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised...
CVE-2019-10249
All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised...
CVE-2019-10249
CVE-2019-10249 affects all Xtext and Xtend versions prior to 2.18.0 where artifacts were built over HTTP instead of HTTPS, creating a risk that build artifacts could be compromised. The connected sources corroborate a MITM-style risk during builds and describe a remediation: upgrade to org.eclips...
CVE-2019-6617
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a user with the Resource Administrator role is able to overwrite sensitive low-level files such as /etc/passwd using SFTP to modify user permissions, without Advanced Shell access. This is contrary to o...
CVE-2019-3929
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pr...