3490 matches found

Cvelist
added 2019/01/21 6:0 a.m., 13 views

CVE-2019-6500

In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring...

7.6 AI score, 0.04079 EPSS
Exploits 1, References 2

EUVD
added 2019/01/21 6:0 a.m., 4 views

EUVD-2019-16059

In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring...

7.5 CVSS, 7.6 AI score, 0.04079 EPSS
Exploits 1, References 2

CVE
added 2019/01/21 6:0 a.m., 36 views

CVE-2019-6500

CVE-2019-6500 affects Axway File Transfer Direct 2.7.1 and is an unauthenticated Directory Traversal vulnerability. The issue arises from a crafted HTTP GET request using %2e in place of '.' characters, as demonstrated by a /h2hdocumentation//%2e%2e/ substring. CVSS data reported: CVSSv2 base sco...

7.5 CVSS, 7.6 AI score, 0.04079 EPSS
Exploits 1, References 2, Affected Software 1

0day.today
added 2019/01/20 12:0 a.m., 33812 views

OpenSSH 7.6p1 SCP Client - Multiple Vulnerabilities (SSHtranger Things) Exploit

Exploit Title: SSHtranger Things Exploit Author: Mark E. Haase Vendor Homepage: https://www.openssh.com/ Software Link: download link if available Version: OpenSSH 7.6p1 Tested on: Ubuntu 18.04.1 LTS CVE : CVE-2019-6111, CVE-2019-6110 ''' Title: SSHtranger Things Author: Mark E. Haase Homepage:...

6.8 CVSS, 0.58204 EPSS
Exploits 10

Citrix
added 2019/01/18 12:0 a.m., 4 views

How to Load Balance Trivial File Transfer Protocol Servers

This article describes how to load balance a Trivial File Transfer Protocol (TFTP) server using Reverse Network Address Translation (RNAT) and Use Source IP (USIP). TFTP is a simple file transport protocol. It uses User Datagram Protocol (UDP) port 69 as a transport protocol and is typically implemented on...

7.2 AI score
Exploits 0

OSV
added 2019/01/16 7:30 p.m., 3 views

CVE-2019-2538

Vulnerability in the Oracle Managed File Transfer component of Oracle Fusion Middleware subcomponent: MFT Runtime Server. Supported versions that are affected are 19.1.0.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

7.1 CVSS, 7.1 AI score, 0.0112 EPSS
Exploits 0, References 2

NVD
added 2019/01/16 7:30 p.m., 16 views

CVE-2019-2538

Vulnerability in the Oracle Managed File Transfer component of Oracle Fusion Middleware subcomponent: MFT Runtime Server. Supported versions that are affected are 19.1.0.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

7.1 CVSS, 5.9 AI score, 0.0112 EPSS
Exploits 0, References 2

Prion
added 2019/01/16 7:30 p.m., 10 views

Design/Logic Flaw

Vulnerability in the Oracle Managed File Transfer component of Oracle Fusion Middleware subcomponent: MFT Runtime Server. Supported versions that are affected are 19.1.0.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

5.5 CVSS, 6.3 AI score, 0.0112 EPSS
Exploits 0, References 2, Affected Software 1

CVE
added 2019/01/16 7:0 p.m., 53 views

CVE-2019-2538

CVE-2019-2538 is a vulnerability in the Oracle Managed File Transfer (MFT Runtime Server) component of Oracle Fusion Middleware. Affected versions are 19.1.0.0.0 and 12.2.1.3.0. The issue allows a low-privileged attacker who can access the service over the network via HTTP to compromise MFT, po...

7.1 CVSS, 6.2 AI score, 0.0112 EPSS
Exploits 0, References 2, Affected Software 1

Vulnrichment
added 2019/01/16 7:0 p.m., 9 views

CVE-2019-2538

Vulnerability in the Oracle Managed File Transfer component of Oracle Fusion Middleware subcomponent: MFT Runtime Server. Supported versions that are affected are 19.1.0.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

6.1 AI score, 0.0112 EPSS
Exploits 0, References 2

Cvelist
added 2019/01/16 7:0 p.m., 18 views

CVE-2019-2538

Vulnerability in the Oracle Managed File Transfer component of Oracle Fusion Middleware subcomponent: MFT Runtime Server. Supported versions that are affected are 19.1.0.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

6.4 AI score, 0.0112 EPSS
Exploits 0, References 2

CNVD
added 2019/01/16 12:0 a.m., 4 views

Oracle Managed File Transfer Access Control Error Vulnerability

Oracle Fusion Middleware Oracle Fusion Middleware is a set of Oracle's business innovation platform for enterprise and cloud environments, which provides middleware, software collections, and other features. Managed File Transfer is one of the file transfer management components. An access control...

7.1 CVSS, 8.5 AI score, 0.0112 EPSS
Exploits 0, References 1

OSV
added 2019/01/15 10:15 p.m., 9 views

MGASA-2019-0037 Updated libvncserver & x11vnc packages fix security vulnerabilities

A heap use-after-free vulnerability in the server code of the file transfer extension, which can result in remote code execution. This attack appears to be exploitable via network connectivity CVE-2018-6307. A heap use-after-free vulnerability in the server code of the file transfer extension,...

9.8 CVSS, 9.1 AI score, 0.26543 EPSS
Exploits 0, References 7

Tenable Nessus
added 2019/01/14 12:0 a.m., 61 views

SUSE SLED15 / SLES15 Security Update : LibVNCServer (SUSE-SU-2019:0080-1)

This update for LibVNCServer fixes the following issues : Security issues fixed : CVE-2018-15126: Fixed use-after-free in file transfer extension bsc1120114 CVE-2018-6307: Fixed use-after-free in file transfer extension server code bsc1120115 CVE-2018-20020: Fixed heap out-of-bound write inside...

9.8 CVSS, 7 AI score, 0.26543 EPSS
Exploits 0, References 28

Veracode
added 2019/01/11 10:8 a.m., 21 views

Remote Code Execution (RCE)

libvncserver.so is vulnerable to remote code execution. The vulnerability is possible because of a heap use-after-free flaw in the server code of the file transfer extension...

9.8 CVSS, 9.5 AI score, 0.11809 EPSS
Exploits 0, References 6, Affected Software 1

NVD
added 2019/01/10 9:29 p.m., 12 views

CVE-2018-20684

In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp...

7.5 CVSS, 7.5 AI score, 0.02525 EPSS
Exploits 0, References 6

Prion
added 2019/01/10 9:29 p.m., 14 views

Input validation

In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp...

6.4 CVSS, 7.6 AI score, 0.02525 EPSS
Exploits 0, References 6, Affected Software 1

OSV
added 2019/01/10 9:29 p.m., 11 views

CVE-2018-20684

In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp...

7.5 CVSS, 6.9 AI score
Exploits 0, References 6

OSV
added 2019/01/10 3:6 p.m., 3 views

SUSE-SU-2019:0060-1 Security update for LibVNCServer

This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-15126: Fixed use-after-free in file transfer extension bsc1120114 - CVE-2018-6307: Fixed use-after-free in file transfer extension server code bsc1120115 - CVE-2018-20020: Fixed heap out-of-bound write insi...

9.8 CVSS, 8.7 AI score, 0.26543 EPSS
Exploits 0, References 19

BDU FSTEC
added 2019/01/10 12:0 a.m., 4 views

The vulnerability of the software controller for the centralized control of wireless networks by D-Link Central WiFi Manager arises from the use of pre-installed credentials. This allows a hacker to execute arbitrary PHP code.

The vulnerability of the D-Link Central WiFi Manager software control panel lies in the use of pre-installed credentials FTP services: admin, admin, which are running on port 9000. Exploiting this vulnerability allows a malicious actor to execute arbitrary PHP code by loading it into the root...

7.5 CVSS, 8.2 AI score, 0.3689 EPSS
Exploits 5, References 4, Affected Software 1