
3490 matches found

BDU FSTEC
added 2018/12/04 12:0 a.m. | 3 views

The vulnerability of the TFTP Server component of the Windows Deployment Services service allows a perpetrator to execute arbitrary code.

The vulnerability of the TFTP Server component of the Windows Deployment Services service arises from an operation that goes beyond the buffer limits in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially crafted request...

CVSS 8.1 | AI score 8.4 | EPSS 0.63294
Exploits 0 | References 5
CNVD
added 2018/12/02 12:0 a.m. | 2 views

NA300 PLC has information leakage vulnerability

The NA300 PLC is a mid-size programmable controller. An information disclosure vulnerability exists in the NA300 PLC. An attacker can exploit the vulnerability to disclose the PLC ftp service account and password...

AI score 6.2
Exploits 0
Fedora
added 2018/11/21 3:14 a.m. | 36 views

[SECURITY] Fedora 28 Update: curl-7.59.0-9.fc28

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

CVSS 10 | EPSS 0.10823
Exploits 1
OSV
added 2018/11/14 3:29 p.m. | 1 views

CVE-2018-6082

Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page...

CVSS 4.7 | AI score 7.3 | EPSS 0.014
Exploits 0 | References 5
RedHat Linux
added 2018/11/13 8:36 a.m. | 5 views

curl: FTP PWD response parser out of bounds read

libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in anonymous or not, it asks the server for the current directory with the PWD command. The server then responds with a 257 response containing the path, inside double...

CVSS 7.5 | AI score 7.5 | EPSS 0.08465
Exploits 0 | References 5
RedHat Linux
added 2018/11/13 8:36 a.m. | 3 views

curl: FTP wildcard out of bounds read

The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service out-of-bounds read and application crash or possibly have unspecified other impact via a string that ends with an '' character...

CVSS 9.8 | AI score 7.5 | EPSS 0.11175
Exploits 0 | References 5
CNVD
added 2018/11/12 12:0 a.m. | 2 views

D-LINK Central WifiManager CWM-100 FTP Server Port Bounce Scanning Vulnerability

D-LINK Central WifiManager CWM-100 is D-LINK centralized wireless management software. The FTP server component of D-LINK Central WifiManager can be used as a man-in-the-middle machine to allow PORT Command bounce scanning attacks. This vulnerability allows remote attackers to abuse the network a...

CVSS 5.8 | AI score 5.9 | EPSS 0.02034
Exploits 3 | References 1
OSV
added 2018/11/07 6:29 p.m. | 4 views

CVE-2018-19076

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The FTP and RTSP services make it easier for attackers to conduct brute-force authentication...

CVSS 9.8 | AI score 5.8
Exploits 0 | References 1
Fedora
added 2018/10/21 12:22 a.m. | 31 views

[SECURITY] Fedora 27 Update: libssh-0.7.6-1.fc27

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

CVSS 9.1 | AI score 3.6 | EPSS 0.91789
Exploits 10
Fedora
added 2018/10/20 11:52 p.m. | 35 views

[SECURITY] Fedora 28 Update: libssh-0.8.4-1.fc28

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

CVSS 9.1 | AI score 3.6 | EPSS 0.91789
Exploits 10
OSV
added 2018/10/17 7:56 p.m. | 1 views

GHSA-MH7G-99W9-XPJM Remote code execution occurs in Apache Solr

Remote code execution occurs in Apache Solr before versions 5.5.5, 6.6.2 and 7.1.0 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external...

CVSS 9.8 | AI score 7.6 | EPSS 0.91896
Exploits 11 | References 31
OSV
added 2018/10/17 1:31 a.m. | 4 views

CVE-2018-3267

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: LFTP. The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via FTP to compromise Solaris. Successful attacks of this...

CVSS 5.3 | AI score 5.8 | EPSS 0.02066
Exploits 0 | References 3
IBM Security Bulletins
added 2018/10/15 5:10 a.m. | 18 views

Security Bulletin: Password disclosure via trace log vulnerability in IBM MQ Managed File Transfer (CVE-2017-1795)

Summary Trace files generated by IBM MQ Managed File Transfer commands display passwords in plain text. Vulnerability Details CVEID: CVE-2017-1795 DESCRIPTION: IBM MQ Managed File Transfer could allow a local user to obtain highly sensitive information via trace log files generated by its command...

CVSS 4.4 | AI score 0.3 | EPSS 0.00356
Exploits 0 | Affected Software 1
CNVD
added 2018/10/10 12:0 a.m. | 2 views

Cisco Firepower Threat Defense Software Denial of Service Vulnerability

Cisco Firepower Threat Defense is a suite of software from the American company Cisco that runs in firewalls. A denial of service vulnerability exists in the FTP detection engine in version 6.2.3.x of Cisco Firepower Threat Defense FTD Software prior to 6.2.3.4. A remote attacker could...

CVSS 7.1 | AI score 6.4 | EPSS 0.0112
Exploits 0 | References 1
CNVD
added 2018/10/09 12:0 a.m. | 5 views

Cisco Prime Infrastructure Arbitrary File Upload Vulnerability

Cisco Prime Infrastructure PI is a set of Cisco Prime LAN Management Solution LMS and Cisco Prime Network Control System NCS technologies for wireless management. An arbitrary file upload vulnerability exists in the HTTP web server of Cisco Prime Infrastructure PI versions 3.2 through...

CVSS 9.8 | AI score 9.4 | EPSS 0.86221
Exploits 5 | References 1
0day.today
added 2018/09/27 12:0 a.m. | 31 views

WordPress WP Insert 2.4.2 Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Wp Insert - 'Fckeditor' Arbitrary File Upload Exploit Author: Mostafa Gharzi Website: https://www.certcc.ir Google Dork: /wp-content/plugins/wp-insert Vendor: Namith Jawahar Software Link:...

AI score 0.1
Exploits 0
Kitploit
added 2018/09/20 12:37 p.m. | 23 views

hideNsneak - A CLI For Ephemeral Penetration Testing

This application assists in managing attack infrastructure for penetration testers by providing an interface to rapidly deploy, manage, and take down various cloud services. These include VMs, domain fronting, Cobalt Strike servers, API gateways, and firewalls. Black Hat Arsenal Video Demo Video ...

AI score 7.2
Exploits 0 | References 1
CNVD
added 2018/09/20 12:0 a.m. | 2 views

McAfee Application and Change Control (MACC) Arbitrary Code Execution Vulnerability

McAfee Application and Change Control MACC is a suite of program control software from the American company McAfee. The software protects enterprise servers and endpoints from unauthorized applications and malware threats by using a dynamic trust model. An arbitrary code execution vulnerability...

CVSS 7.1 | AI score 7 | EPSS 0.00262
Exploits 0 | References 1
OSV
added 2018/09/18 10:29 p.m. | 1 views

CVE-2018-6690

Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control MACC 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system...

CVSS 7.1 | AI score 6.1 | EPSS 0.00262
Exploits 0 | References 2
Prion
added 2018/09/18 10:29 p.m. | 19 views

Code injection

Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control MACC 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system...

CVSS 3.6 | AI score 6.5 | EPSS 0.00262
Exploits 0 | References 2 | Affected Software 1