3489 matches found
CVE-2016-10189
BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list...
CVE-2016-10189
CVE-2016-10189 affects BitlBee; prior to version 3.5, a remote attacker can trigger a NULL pointer dereference via a file transfer request for a contact not in the list, leading to a crash and possible arbitrary code execution. Public advisories (Debian DSA-3853/DSA-3853-1, Mageia MGASA-2017-0200...
CVE-2017-5668
CVE-2017-5668 affects bitlbee-libpurple before 3.5.1. A remote attacker can trigger a denial of service (NULL pointer dereference/crash) and possibly execute arbitrary code via a file transfer request for a contact not in the list, due to an incomplete fix for CVE-2016-10189. Public advisories/de...
CVE-2016-10188
The CVE CVE-2016-10188 affects bitlbee-libpurple prior to 3.5. A use-after-free vulnerability allows a remote attacker to cause a denial of service (crash) or potentially execute arbitrary code by causing a file transfer connection to expire. Public advisories and vulnerability records confirm th...
CVE-2016-10188
Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire...
CVE-2017-5668
bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an incomplete fix for...
Cerberus FTP Server Denial of Service Vulnerability
Cerberus FTP Server is an FTP service program for Windows operating systems. Cerberus FTP Server suffers from a denial of service vulnerability that can be exploited by an attacker to deny service (infinite loop)...
Mozilla: FTP response codes can cause use of uninitialized values for ports (MFSA 2017-06)
Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox 52, Firefox ESR 45.8, Thunderbird 52, and Thunderbird 45.8...
Debian DLA-832-1 : bitlbee security update
CVE-2017-5668 Fix for incomplete fix for 'NULL pointer dereference with file transfer request from unknown contacts'. Though this package wasn't in Wheezy with this issue, I mention it here. The fix was done with the second patch for CVE-2016-10189 CVE-2016-10189 NULL pointer dereference with fil...
UBUNTU-CVE-2017-6100
tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP...
[SECURITY] [DLA 832-1] bitlbee security update
Package : bitlbee Version : 3.0.5-1.2+deb7u1 CVE ID : CVE-2016-10188 CVE-2016-10189 CVE-2017-5668 CVE-2017-5668 Fix for incomplete fix for "Null pointer dereference with file transfer request from unknown contacts". Though this package wasn't in Wheezy with this issue, I mention it here. The fix w...
Insanity-Framework - Generate Payloads and control Remote Machines
With the dynamics of persuasion that prove effective in a pentest, several painstaking means of making a payload have emerged; Insanity Framework provides speed and effectiveness in a single tool to help you work. Features Bypass most AV and Sandboxes. Remote Control. Payload Generation. Some...
CVE-2016-1566
Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. NOTE: this vulnerability was fixed in...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. NOTE: this vulnerability was fixed in...
CVE-2016-1566
CVE-2016-1566 is an XSS vulnerability in Guacamole’s file browser (versions 0.9.8 and 0.9.9) where crafted filenames could inject script/HTML when file transfer targets are shared by multiple users. The issue was fixed in guacamole.war on 2016-01-13, though the version number was not updated. Con...
CVE-2016-1566
Removed by vendor...