3490 matches found
CVE-2018-6690
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system...
CVE-2018-6690 McAfee Application Control (MAC) - Whitelist bypass using a hard drive solidified by MACC
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system...
CVE-2018-6690
Summary of CVE-2018-6690 (MACC): McAfee Application and Change Control (MACC) on Windows clients is affected by an improper access control flaw that enables an authenticated user to trigger execution of arbitrary code when transferring files from an external system via USB. The vulnerability affe...
CVE-2018-16732
\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftpsave...
CVE-2018-15485
An issue was discovered on KONE Group Controller KGC devices before 4.6.5. FTP does not require authentication or authorization, aka KONE-03...
Apache Cayenne CayenneModeler XML External Entity Injection Vulnerability
Apache Cayenne is an open source persistence framework from the Apache Software Foundation (United States) that provides object-relational mapping (ORM) and remote services. CayenneModeler is its graphical user interface. A security vulnerability exists in CayenneModeler in Apache Cayen...
CuteFTP 8.3.1 - Denial of Service (PoC)
CuteFTP 8.3.1 - Denial of Service PoC | Exploit Title: CuteFTP 8.3.1 - Denial Of Service PoC | Exploit Author: Ali Alipour | WebSite: Alipour.it | Date: 2018-08-22 | Vendor Homepage: http://www.cuteftp.com/ | Software Link Download: https://filehippo.com/downloadcuteftppro/4518/ | Tested on: Windows 10 -...
CVE-2018-11758
CVE-2018-11758 affects Apache Cayenne CayenneModeler (desktop GUI for Cayenne ORM). It arises from XML External Entity (XXE) processing in the embedded XML parser, allowing a malicious XML file to trigger local file transfers to an attacker-controlled host. The vulnerability is mitigated by Cayen...
curl: FTP PWD response parser out of bounds read
libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the PWD command. The server then responds with a 257 response containing the path, inside double...
Microsoft Windows: Configure Solicited Remote Assistance
This policy setting allows you to turn on or turn off Solicited (Ask for) Remote Assistance on this computer. If you enable this policy setting, users on this computer can use email or file transfer to ask someone for help. Also, users can use instant messaging programs to allow connections to this...
Service Bulletin 130: Updated File Naming Conventions for FTP
Abstract: Direct this service bulletin to the persons at customer locations who are responsible for opening Problem Management Reports (PMRs) for the TPF products. This bulletin expands on information distributed in Service Bulletin 84: File Naming Conventions for FTP and Service Bulletin 112: New F...
DEBIAN-CVE-2018-10916
It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server,...
A vulnerability in cURL, software for interacting with servers, arises from memory buffer overflows and allows an attacker to execute arbitrary code or cause a service failure.
The vulnerability in cURL, software for interacting with servers, arises from an overflow of a dynamic memory buffer when an FTP connection is closed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure by using long server...
CVE-2018-9068
The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Leno...
CVE-2018-10627
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change sensitive configuration items such as the usernames and passwords for the Web and FTP servers. This...
CVE-2018-8855
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware updates by unsecure FTP...
CVE-2018-10608
SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited when the AcSELerator Architect FTP client connects to a malicious FTP server, which may cause denial of service via 100% CPU utilization. Restart of the application is required...
PT-2018-18667
Name of the Vulnerable Software and Affected Versions: Echelon SmartServer 1 (all versions); Echelon SmartServer 2 (versions prior to 4.11.007); Echelon i.LON 100 (all versions); Echelon i.LON 600 (all versions). Description: The issue concerns the default configuration of the devices, which allows unencrypted...
FTP2FTP 1.0 - Arbitrary File Download
Exploit Title: FTP2FTP 1.0 - Arbitrary File Download | Dork: N/A | Date: 18.07.2018 | Exploit Author: Özkan Mustafa Akkuş (AkkuS) | Vendor Homepage: https://codecanyon.net/item/ftp2ftp-server-to-server-file-transfer-php-script/21972395 | Version: 1.0 | Category: Webapps | Tested on: Kali Linux | Description: The...
CVE-2018-0383
A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the transfer of files to an affected system via FTP. The vulnerability exists because the affected software incorrectly...