
3489 matches found

Snyk
added 2018/04/04 1:2 p.m. · 3 views

Arbitrary File Write

Amendment: This was deemed not a vulnerability. Overview: org.apache.hive:hive-common is a reading, writing, and managing large datasets residing in distributed storage using SQL. Affected versions of this package are vulnerable to Arbitrary File Write via the File Transfer Protocol (FTP) client...

CVSS 4.3 · AI score 6.8 · EPSS 0.0178
Exploits 0 · References 2

Snyk
added 2018/04/04 1:2 p.m. · 2 views

Arbitrary File Write

Overview: org.apache.hive:hive-hplsql is data warehouse software that facilitates reading, writing, and managing large datasets residing in distributed storage using SQL. Affected versions of this package are vulnerable to Arbitrary File Write via the File Transfer Protocol (FTP) client functionality...

CVSS 4.3 · AI score 6.8 · EPSS 0.0178
Exploits 0 · References 2

CNVD
added 2018/03/28 12:0 a.m. · 3 views

Schneider Electric uses hard-coded certificate vulnerability in several products

Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340 and Modicon BMXNOR0200 are programmable controllers from Schneider Electric, France. A hard-coded certificate vulnerability exists in various Schneider Electric products, which stems from an FTP server containing a hard-coded account tha...

CVSS 10 · AI score 6.9 · EPSS 0.02961
Exploits 0 · References 1

CNVD
added 2018/03/28 12:0 a.m. · 3 views

Stack Buffer Overflow Vulnerability in Various Schneider Electric Products

Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340 and Modicon BMXNOR0200 are programmable controllers from Schneider Electric, France. A stack buffer overflow vulnerability exists in various Schneider Electric products, which stems from the FTP server not limiting the length of the...

CVSS 8.8 · AI score 7.6 · EPSS 0.02708
Exploits 0 · References 1

CNVD
added 2018/03/28 12:0 a.m. · 2 views

Weak Encryption Algorithm Vulnerability in Various Schneider Electric Products

Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340 and Modicon BMXNOR0200 are programmable controllers from Schneider Electric, France. A weak cryptographic algorithm vulnerability exists in various Schneider Electric products, which stems from the FTP server not limiting the length of...

CVSS 9.8 · AI score 7.4 · EPSS 0.01456
Exploits 0 · References 1

OpenVAS
added 2018/03/28 12:0 a.m. · 23 views

Debian: Security Advisory (DLA-832-1)

The remote host is missing an update for the Debian...

CVSS 9.8 · AI score 8.7 · EPSS 0.04041
Exploits 0 · References 2

Positive Technologies
added 2018/03/22 12:0 a.m. · 5 views

PT-2018-1294 · Schneider Electric · Modicon M340 +3

Name of the Vulnerable Software and Affected Versions: Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers (affected versions not specified). Description: The issue is related to hard-coded accounts in the communication modules of the affected controllers...

CVSS 10 · AI score 7.3 · EPSS 0.02961
Exploits 0 · References 6

CNVD
added 2018/03/16 12:0 a.m. · 1 views

Haxx curl buffer overflow vulnerability

Haxx curl is a set of file transfer tools from the Swedish company Haxx that work on the command line using URL syntax. The tool supports file uploads and downloads, and includes libcurl, a client-side URL transfer library for program development. A buffer overflow vulnerability exists in FTP URL...

CVSS 9.8 · AI score 9.4 · EPSS 0.12058
Exploits 0 · References 1

OSV
added 2018/03/15 12:2 p.m. · 1 views

USN-3598-1 curl vulnerabilities

Phan Thanh discovered that curl incorrectly handled certain FTP paths. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2018-1000120) Dario Weisser discovered that curl incorrectly handled certain LDAP URLs. An attacker could possibly use this issue t...

CVSS 9.8 · AI score 6.7 · EPSS 0.12058
Exploits 0 · References 4

OSV
added 2018/03/14 6:29 p.m. · 1 views

DEBIAN-CVE-2018-1000120

A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse...

CVSS 9.8 · AI score 9.2 · EPSS 0.12058
Exploits 0 · References 1

curl security advisories
added 2018/03/14 8:0 a.m. · 2 views

FTP path trickery leads to NIL byte out of bounds write

curl can be fooled into writing a zero byte out of bounds. This bug can trigger when curl is told to work on an FTP URL, with the setting to only issue a single CWD command (--ftp-method singlecwd or the libcurl alternative CURLOPT_FTP_FILEMETHOD). curl then URL-decodes the given path, calls strlen o...

CVSS 9.8 · AI score 7.7 · EPSS 0.12058
Exploits 0 · Affected Software 2

OSV
added 2018/03/14 12:0 a.m. · 0 views

UBUNTU-CVE-2018-1000120

A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse...

CVSS 9.8 · AI score 7.2 · EPSS 0.12058
Exploits 0 · References 5

Microsoft KB
added 2018/03/12 12:0 a.m. · 5 views

February 22, 2018—KB4077528 (OS Build 15063.936)

February 22, 2018—KB4077528 (OS Build 15063.936). Improvements and fixes: This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses issue where an application cannot read or write attributes of windows that belong t...

AI score 7
Exploits 0

ATTACKERKB
added 2018/03/08 7:29 a.m. · 2 views

CVE-2018-0087

A vulnerability in the FTP server of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to log in to the FTP server of the device without a valid password. The attacker does need to have a valid username. The vulnerability is due to incorrect FTP user credential...

CVSS 6.8 · AI score 5.8 · EPSS 0.01911
Exploits 0 · References 4

CNVD
added 2018/03/08 12:0 a.m. · 0 views

Cisco Web Security Appliance FTP Authentication Bypass Vulnerability

Designed to help organizations address the growing challenges of protecting and controlling network traffic, the Cisco Web Security Appliance (WSA) can be easier and faster to deploy, while reducing maintenance requirements, latency, and operational costs. An FTP authentication bypass vulnerability...

CVSS 6.8 · AI score 7.3 · EPSS 0.01911
Exploits 0 · References 1

BDU FSTEC
added 2018/03/06 12:0 a.m. · 3 views

The vulnerability of TRENDnet TEW-823DRU router microprogramming software, related to the use of pre-installed configuration data, allows a hacker to gain access to the device.

The vulnerability of TRENDnet TEW-823DRU router microprogramming software is related to the use of pre-installed account data for the root account. Exploiting this vulnerability allows a malicious actor to gain access to the device via an FTP session...

CVSS 10 · AI score 5.5 · EPSS 0.01983
Exploits 0 · References 2 · Affected Software 1

RedHat Linux
added 2018/02/28 8:6 p.m. · 3 views

ruby: Command injection vulnerability in Net::FTP

It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with...

CVSS 9.3 · AI score 7.7 · EPSS 0.73927
Exploits 5 · References 5

OSV
added 2018/02/15 10:29 a.m. · 2 views

CVE-2017-12720

An Improper Access Control issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump does not require authentication if the pump is configured to allow FTP connections...

CVSS 8.1 · AI score 5.8
Exploits 0 · References 2

OSV
added 2018/02/15 10:29 a.m. · 4 views

CVE-2017-12724

A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump contains hardcoded credentials, which are not fully initialized. The FTP server is only accessible if the pump is configured ...

CVSS 8.1 · AI score 5.8 · EPSS 0.01366
Exploits 0 · References 2

Citrix
added 2018/02/08 12:0 a.m. · 6 views

Windows 10 PVS target devices experience poor performance

After capturing a Windows 10 vdisk you might experience below par performance when streaming the vdisk to the target device. The issue can manifest in a number of ways, for example: 1. Long time to capture the vdisk. 2. Slow boot/login times. 3. Slow file transfer speeds compared to other...

AI score 7.1
Exploits 0