
3489 matches found

CNVD
added 2018/05/22 12:0 a.m., 2 views

mySCADA myPRO File Upload Vulnerability

mySCADA myPRO is an industrial visualization control system from mySCADA Technologies, Czech Republic. A security vulnerability exists in the file 'myscadagate.exe' in mySCADA myPRO version 7, which originates from the program's use of a hard-coded FTP account username: myscada, password: Vikuk63...

CVSS 9.1, AI score 9.2, EPSS 0.1593
Exploits 5, References 1

OSV
added 2018/05/20 10:29 p.m., 2 views

CVE-2018-11311

A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials...

CVSS 9.1, AI score 5.9, EPSS 0.1593
Exploits 5, References 3

ATTACKERKB
added 2018/05/17 7:29 p.m., 3 views

CVE-2018-8714

Honeywell MatrikonOPC OPC Controller before 5.1.0.0 allows local users to transfer arbitrary files from a host computer and consequently obtain sensitive information via vectors related to MSXML libraries...

CVSS 6.1, AI score 5.7, EPSS 0.00388
Exploits 0, References 4

Prion
added 2018/05/17 7:29 p.m., 12 views

Design/Logic Flaw

Honeywell MatrikonOPC OPC Controller before 5.1.0.0 allows local users to transfer arbitrary files from a host computer and consequently obtain sensitive information via vectors related to MSXML libraries...

CVSS 3.6, AI score 5.9, EPSS 0.00388
Exploits 0, References 3, Affected Software 1

OSV
added 2018/05/17 7:29 p.m., 2 views

CVE-2018-8714

Honeywell MatrikonOPC OPC Controller before 5.1.0.0 allows local users to transfer arbitrary files from a host computer and consequently obtain sensitive information via vectors related to MSXML libraries...

CVSS 6.1, AI score 5.9, EPSS 0.00388
Exploits 0, References 3

NVD
added 2018/05/17 7:29 p.m., 20 views

CVE-2018-8714

Honeywell MatrikonOPC OPC Controller before 5.1.0.0 allows local users to transfer arbitrary files from a host computer and consequently obtain sensitive information via vectors related to MSXML libraries...

CVSS 6.1, AI score 6, EPSS 0.00388
Exploits 0, References 3

CVE
added 2018/05/17 7:0 p.m., 58 views

CVE-2018-8714

CVE-2018-8714 affects Honeywell/MatrikonOPC Explorer (and related OPC Controller components) prior to version 5.1.0.0. The root issue is an information-disclosure/file-transfer vulnerability related to MSXML handling, allowing a local attacker with access to transfer arbitrary files from the host...

CVSS 6.1, AI score 5.9, EPSS 0.00388
Exploits 0, References 3, Affected Software 1

Cvelist
added 2018/05/17 7:0 p.m., 21 views

CVE-2018-8714

Honeywell MatrikonOPC OPC Controller before 5.1.0.0 allows local users to transfer arbitrary files from a host computer and consequently obtain sensitive information via vectors related to MSXML libraries...

AI score 6, EPSS 0.00388
Exploits 0, References 3

curl security advisories
added 2018/05/16 8:0 a.m., 3 views

FTP shutdown response buffer overflow

curl might overflow a heap based memory buffer when closing down an FTP connection with long server command replies. When doing FTP transfers, curl keeps a spare "closure handle" around internally that is used when an FTP connection gets shut down since the original curl easy handle is then alrea...

CVSS 9.8, AI score 8.6, EPSS 0.04862
Exploits 0, Affected Software 2

OSV
added 2018/05/15 10:29 p.m., 2 views

CVE-2018-7505

In Advantech WebAccess versions V8.220170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application...

CVSS 9.8, AI score 6, EPSS 0.02919
Exploits 0, References 2

CNVD
added 2018/05/11 12:0 a.m., 1 view

MatrikonOPC Explorer File Transfer Vulnerability

MatrikonOPC Explorer is a free tool for viewing the data items contained in the OPC server and detecting OPC network communication. A file transfer vulnerability exists in MatrikonOPC Explorer that could allow an attacker to transfer unauthorized files from a host system...

CVSS 6.1, AI score 6.8, EPSS 0.00388
Exploits 0, References 1

BDU FSTEC
added 2018/05/11 12:0 a.m., 3 views

The vulnerability of the FTP server Tiny FTP Daemon, which allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of the FTP server Tiny FTP Daemon arises due to buffer overflow. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures or execute arbitrary code...

CVSS 10, AI score 6.3, EPSS 0.0323
Exploits 0, References 3, Affected Software 1

BDU FSTEC
added 2018/04/27 12:0 a.m., 5 views

The vulnerability of the FTP URI processor of the software tool for interacting with servers via cURL allows a hacker to induce a service failure.

The vulnerability of the FTP URI handler of the software interface to interactions with servers via cURL arises due to buffer overflows. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

CVSS 9.8, AI score 7.4, EPSS 0.12058
Exploits 0, References 19, Affected Software 9

Vulnrichment
added 2018/04/19 8:0 p.m., 13 views

CVE-2018-0244

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured file action policy to drop the Server Message Block SMB protocol if a malware file is detected. The vulnerability is due to how the SMB protocol handle...

AI score 7, EPSS 0.01229
Exploits 0, References 2

Cisco
added 2018/04/18 4:0 p.m., 59 views

Cisco Firepower System Software Server Message Block File Policy Bypass Vulnerability

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured file action policy to drop the Server Message Block SMB protocol if a malware file is detected. The vulnerability is due to how the SMB protocol handle...

CVSS 5.8, AI score 5.8, EPSS 0.01229
Exploits 0, References 1

CNVD
added 2018/04/18 12:0 a.m., 2 views

MikroTik FTP Daemon Denial of Service Vulnerability

MikroTik is a router operating system based on the Linux kernel, developed by the Latvian company MikroTik. The system turns a PC into a professional router. A security vulnerability exists in MikroTik version 6.41.4. A remote attacker can exploit the vulnerability to prevent the router...

CVSS 7.8, AI score 7, EPSS 0.13148
Exploits 5, References 1

Microsoft KB
added 2018/04/17 12:0 a.m., 3 views

February 22, 2018—KB4075212 (Preview of Monthly Rollup)

February 22, 2018—KB4075212 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4074594 released February 13, 2018 and also includes these new quality improvements as a preview of the next Monthly Rollup update: Addresses...

AI score 7.4
Exploits 0

CNVD
added 2018/04/12 12:0 a.m., 4 views

Huawei Mate 9 MHA-L29B Near Field Communication Component Information Disclosure Vulnerability

Huawei Mate 9 is a smartphone from Chinese company Huawei. The Near Field Communication (NFC) module is one of the Near Field Communication modules. An information disclosure vulnerability exists in the NFC component in Huawei Mate 9 versions prior to MHA-L29B 8.0.0.366 C567, which stems from the progra...

CVSS 5.7, AI score 6.3, EPSS 0.00372
Exploits 0, References 1

BDU FSTEC
added 2018/04/12 12:0 a.m., 4 views

The vulnerability of the FTPShell Client, related to the execution of operations beyond the buffer boundaries in memory, allows a perpetrator to execute arbitrary code or cause the application to terminate abnormally.

The vulnerability of the FTPShell Client FTP client is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause the application to terminate abnormally by sending a specially crafted...

CVSS 10, AI score 6.4, EPSS 0.70207
Exploits 9, References 2, Affected Software 1

RedHat Linux
added 2018/04/10 11:8 a.m., 2 views

openssh: Improper write operations in readonly mode allow for zero-length file creation

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files...

CVSS 5.3, AI score 7.2, EPSS 0.03359
Exploits 0, References 4