3489 matches found
A vulnerability in the Cisco IronPort Email Security Appliance allows an attacker to execute arbitrary code.
A vulnerability in the SLBL service (a check for reliable/locked users) in Cisco AsyncOS, used by Email Security Appliances and Content Security Management Appliances, allows authenticated remote users to execute arbitrary code with superuser privileges, by downloading a modified...
CVE-2016-1440
The proxy process on Cisco Web Security Appliance (WSA) devices through 9.1.0-070 allows remote attackers to cause a denial of service (CPU consumption) by establishing an FTP session and then improperly terminating the control connection after a file transfer, aka Bug ID CSCuy43468...
Race condition
Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device...
CVE-2015-8801
CVE-2015-8801 concerns Symantec Endpoint Protection (SEP) client, where a race condition in the device control can allow a local user to bypass USB-file-transfer restrictions before the SEP device manager recognizes a new USB device. The vulnerability affects SEP 12.1 prior to RU6 MP5 and is cite...
DEBIAN-CVE-2016-4971
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource...
UBUNTU-CVE-2016-2372
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer which will trigger an...
Pidgin MXIT File Transfer Length Memory Disclosure Vulnerability
Talos Vulnerability Report TALOS-2016-0140: Pidgin MXIT File Transfer Length Memory Disclosure Vulnerability. June 21, 2016. CVE Number: CVE-2016-2372. Description: An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potential...
CVE-2016-2362
Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 has a hardcoded password for the FTP account, which allows remote attackers to obtain access via a (1) FTP or (2) SSH connection...
A vulnerability in the PHP interpreter allows attackers to execute arbitrary code.
The vulnerability in the ftp_genlist function in ext/ftp/ftp.c in the PHP interpreter is caused by an integer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code via a long response to the LIST command...
rsync: Multiple vulnerabilities
Background: File transfer program to keep remote files into sync. Description: Multiple vulnerabilities have been discovered in rsync. Please review the CVE identifiers referenced below for details. Impact: Remote attackers could write arbitrary files via symlink attacks. Workaround: There is no know...
Micro Focus Rumba+ 9.4 - Multiple Stack Buffer Overflow Vulnerabilities
Micro Focus Rumba+ v9.4 Multiple Stack Buffer Overflow Vulnerabilities. Vendor: Micro Focus. Product web page: https://www.microfocus.com. Affected version: 9.4.4058.0 and 9.4.0 SP0 Patch0. Affected products/tools: Rumba Desktop 9.4, Rumba 9.4 Trace, Rumba 9.4 APPC Configuration, Rumba 9.4 AS400...
CVE-2016-3088
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. Mitigation: Users are advised to use other FTP and HTTP based file servers for transferring blob messages. Fileserver...
Foreman Arbitrary Code Execution Vulnerability
Foreman is a set of lifecycle management tools for use in physical and virtual servers. A security vulnerability in the smart proxy TFTP API in Foreman versions before 1.10.4 and 1.11.x before 1.11.2 can be exploited by a remote attacker to execute arbitrary code with the help of specially...
PT-2016-5685 · Foreman · Foreman
Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.10.4; Foreman versions 1.11.x prior to 1.11.2. Description: The issue allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to "tftp/". This is due to an eval injection...
NetMeeting Directory Traversal Vulnerability
Advisory Information: Advisory ID: CORE-2003-0305-04. Bugtraq ID: 7931. CVE Name: None currently assigned. Title: NetMeeting Directory Traversal Vulnerability. Class: Input validation error. Remotely Exploitable: Yes. Locally Exploitable: No. Vendors Contacted: Microsoft. Core Notification: 2003-05-21...
Python Based Windows Backdoor with Gmail C&C: gDog
A stealthy Python based Windows backdoor that uses Gmail as a command and control server. Gdog is a stealthy Python Windows backdoor that uses Gmail as a command and control server. It is mostly inspired by Gcat, with which it shares a code base, but it adds additional options and features and goes...
RSPET - Python Reverse Shell and Post Exploitation Tool
RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario. Features: Remote Command Execution; Traffic masking (XORed instead of cleartext; for better results use port 4431); Built-in File/Binary transfer both...
Accellion File Transfer Appliance Arbitrary Command Execution Vulnerability
Accellion File Transfer Appliance (FTA) is a file transfer solution from Accellion USA. The solution supports file transfer, file sharing, file transfer tracking and reporting, and more. A security vulnerability exists in Accellion FTA versions prior to FTA91240. A remote attacker can exploit the...