A vulnerability in the firmware of the Juniper SRX 240 router allows an attacker to cause a denial of service.
The Juniper SRX 240 router software contains a vulnerability that allows any user registered in the system and having remote access to the device to trigger resource exhaustion (memory overload, processor load). The vulnerability is related to the search for...
A vulnerability in the firmware of Schneider Electric’s Modicon Quantum programmable logic controllers allows an attacker to gain unauthorized access to the device.
The firmware of the 140NOE77111 module of Schneider Electric’s Modicon Quantum controller contains numerous login/password pairs that are pre-set by default. This allows any user who has access to the device via the FTP protocol to gain authorized access to the device...
A vulnerability in the Cisco IronPort Email Security Appliance allows an attacker to execute arbitrary code.
The vulnerability in the SLBL service (a check for reliable/locked users) in Cisco AsyncOS, used by Email Security Appliances and Content Security Management Appliances, allows remote users who have passed authentication to execute arbitrary code with superuser privileges, by downloading a modified...
A vulnerability in the Dnsmasq software allows a remote attacker to compromise the confidentiality, integrity, and availability of protected information.
A heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq when using --enable-tftp allows remote attackers to execute arbitrary code by using a long filename in the TFTP packet; for example, in a read request (RRQ)...
A vulnerability in the Dnsmasq software allows a remote attacker to compromise the availability of protected information.
The vulnerability in the tftp_request function of tftp.c in dnsmasq when using --enable-tftp allows attackers to cause a denial of service by using a TFTP read request (RRQ) with an improperly configured blksize parameter...
CVE-2016-1440
The proxy process on Cisco Web Security Appliance (WSA) devices through 9.1.0-070 allows remote attackers to cause a denial of service (CPU consumption) by establishing an FTP session and then improperly terminating the control connection after a file transfer, aka Bug ID CSCuy43468...
Race condition
Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device...
CVE-2015-8801
CVE-2015-8801 concerns Symantec Endpoint Protection (SEP) client, where a race condition in the device control can allow a local user to bypass USB-file-transfer restrictions before the SEP device manager recognizes a new USB device. The vulnerability affects SEP 12.1 prior to RU6 MP5 and is cite...
CVE-2015-8801
Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device...
DEBIAN-CVE-2016-4971
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource...
UBUNTU-CVE-2016-2372
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer which will trigger an...
Pidgin MXIT File Transfer Length Memory Disclosure Vulnerability
Talos Vulnerability Report TALOS-2016-0140 Pidgin MXIT File Transfer Length Memory Disclosure Vulnerability June 21, 2016 CVE Number CVE-2016-2372 DESCRIPTION An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potential...
CVE-2016-2362
Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 has a hardcoded password for the FTP account, which allows remote attackers to obtain access via an (1) FTP or (2) SSH connection...
A vulnerability in the PHP interpreter allows attackers to execute arbitrary code.
The vulnerability in the ftp_genlist function in ext/ftp/ftp.c in the PHP interpreter is caused by an integer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by means of a long response to the LIST command...
rsync: Multiple vulnerabilities
Background File transfer program to keep remote files into sync. Description Multiple vulnerabilities have been discovered in rsync. Please review the CVE identifiers referenced below for details. Impact Remote attackers could write arbitrary files via symlink attacks. Workaround There is no know...
Micro Focus Rumba+ 9.4 - Multiple Stack Buffer Overflow Vulnerabilities
Micro Focus Rumba+ 9.4 - Multiple Stack Buffer Overflow Vulnerabilities Micro Focus Rumba+ v9.4 Multiple Stack Buffer Overflow Vulnerabilities Vendor: Micro Focus Product web page: https://www.microfocus.com Affected version: 9.4.4058.0 and 9.4.0 SP0 Patch0 Affected products/tools : Rumba Desktop...
Micro Focus Rumba+ 9.4 - Multiple Stack Buffer Overflow Vulnerabilities
Micro Focus Rumba+ v9.4 Multiple Stack Buffer Overflow Vulnerabilities Vendor: Micro Focus Product web page: https://www.microfocus.com Affected version: 9.4.4058.0 and 9.4.0 SP0 Patch0 Affected products/tools : Rumba Desktop 9.4 Rumba 9.4 Trace Rumba 9.4 APPC Configuration Rumba 9.4 AS400...
CVE-2016-3088
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. Mitigation Users are advised to use other FTP and HTTP based file servers for transferring blob messages. Fileserver...
Foreman Arbitrary Code Execution Vulnerability
Foreman is a set of lifecycle management tools for use in physical and virtual servers. A security vulnerability in the smart proxy TFTP API in Foreman versions 1.11.x before 1.10.4 and 1.11.2 before 1.11.2 can be exploited by a remote attacker to execute arbitrary code with the help of specially...
PT-2016-5685 · Foreman · Foreman
Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.10.4 Foreman versions 1.11.x prior to 1.11.2 Description: The issue allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to "tftp/". This is due to an eval injection...