
3513 matches found

BDU FSTEC
added 2016/07/07 12:0 a.m. | 3 views

Vulnerability in the firmware of the Juniper SRX 240 router that allows an attacker to cause a denial of service.

The Juniper SRX 240 router software contains a vulnerability that allows any user who is registered on the system and has remote access to the device to cause resource exhaustion (memory overload, processor load). The vulnerability is related to the search for...

CVSS 6.8 | AI score 6.7 | EPSS 0.32357
Exploits: 10 | References: 4 | Affected Software: 1

BDU FSTEC
added 2016/07/07 12:0 a.m. | 9 views

Vulnerability in the firmware of Schneider Electric’s Modicon Quantum programmable logic controllers that allows an attacker to gain unauthorized access to the device.

The firmware of the 140NOE77111 module of Schneider Electric’s Modicon Quantum controller contains numerous login/password pairs that are preset by default. This allows any user who has access to the device via the FTP protocol to gain authorized access to the device...

CVSS 10 | AI score 5.5 | EPSS 0.0404
Exploits: 1 | References: 2 | Affected Software: 1

BDU FSTEC
added 2016/07/06 12:0 a.m. | 7 views

Vulnerability in the Cisco IronPort Email Security Appliance that allows an attacker to execute arbitrary code.

The vulnerability in the SLBL service (a check for reliable/locked users) in Cisco AsyncOS, used by Email Security Appliances and Content Security Management Appliances, allows authenticated remote users to execute arbitrary code with superuser privileges by downloading a modified...

CVSS 8.5 | AI score 6.1 | EPSS 0.02752
Exploits: 0 | References: 4 | Affected Software: 1

BDU FSTEC
added 2016/07/06 12:0 a.m. | 10 views

Vulnerability in the Dnsmasq software that allows a remote attacker to compromise the confidentiality, integrity, and availability of protected information.

A heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq, when --enable-tftp is used, allows remote attackers to execute arbitrary code by using a long filename in a TFTP packet, for example in a read request (RRQ)...

CVSS 6.8 | AI score 6.2 | EPSS 0.12684
Exploits: 7 | References: 3 | Affected Software: 1

BDU FSTEC
added 2016/07/06 12:0 a.m. | 6 views

Vulnerability in the Dnsmasq software that allows a remote attacker to compromise the availability of protected information.

The vulnerability in the tftp_request function in tftp.c in dnsmasq, when --enable-tftp is used, allows attackers to cause a denial of service by using a TFTP read request (RRQ) with a malformed blksize parameter...

CVSS 4.3 | AI score 5.4 | EPSS 0.10382
Exploits: 7 | References: 3 | Affected Software: 1

OSV
added 2016/07/02 2:59 p.m. | 5 views

CVE-2016-1440

The proxy process on Cisco Web Security Appliance (WSA) devices through 9.1.0-070 allows remote attackers to cause a denial of service (CPU consumption) by establishing an FTP session and then improperly terminating the control connection after a file transfer, aka Bug ID CSCuy43468...

CVSS 5.3 | AI score 5.8 | EPSS 0.01251
Exploits: 0 | References: 2

Prion
added 2016/06/30 11:59 p.m. | 16 views

Race condition

Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device...

CVSS 3.3 | AI score 6.3 | EPSS 0.00266
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2016/06/30 11:0 p.m. | 54 views

CVE-2015-8801

CVE-2015-8801 concerns Symantec Endpoint Protection (SEP) client, where a race condition in the device control can allow a local user to bypass USB-file-transfer restrictions before the SEP device manager recognizes a new USB device. The vulnerability affects SEP 12.1 prior to RU6 MP5 and is cite...

CVSS 3.3 | AI score 4.4 | EPSS 0.00266
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2016/06/30 11:0 p.m. | 27 views

CVE-2015-8801

Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device...

AI score 4 | EPSS 0.00266
Exploits: 0 | References: 3

OSV
added 2016/06/30 5:59 p.m. | 2 views

DEBIAN-CVE-2016-4971

GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource...

CVSS 8.8 | AI score 6.9 | EPSS 0.45935
Exploits: 8 | References: 1

OSV
added 2016/06/23 12:0 a.m. | 3 views

UBUNTU-CVE-2016-2372

An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer which will trigger an...

CVSS 5.9 | AI score 6.7 | EPSS 0.01772
Exploits: 1 | References: 5

Talos
added 2016/06/21 12:0 a.m. | 32 views

Pidgin MXIT File Transfer Length Memory Disclosure Vulnerability

Talos Vulnerability Report TALOS-2016-0140 Pidgin MXIT File Transfer Length Memory Disclosure Vulnerability June 21, 2016 CVE Number CVE-2016-2372 DESCRIPTION An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potential...

CVSS 5.9 | AI score 0.2 | EPSS 0.01772
Exploits: 1

OSV
added 2016/06/20 1:59 a.m. | 5 views

CVE-2016-2362

Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 has a hardcoded password for the FTP account, which allows remote attackers to obtain access via a (1) FTP or (2) SSH connection...

CVSS 9.8 | AI score 5.8 | EPSS 0.02465
Exploits: 0 | References: 1

BDU FSTEC
added 2016/05/31 12:0 a.m. | 5 views

Vulnerability in the PHP interpreter that allows attackers to execute arbitrary code.

The vulnerability in the ftp_genlist function in ext/ftp/ftp.c in the PHP interpreter is caused by an integer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code via a long response to the LIST command...

CVSS 7.5 | AI score 8.1 | EPSS 0.16948
Exploits: 1 | References: 5 | Affected Software: 1

Gentoo Linux
added 2016/05/30 12:0 a.m. | 27 views

rsync: Multiple vulnerabilities

Background File transfer program to keep remote files into sync. Description Multiple vulnerabilities have been discovered in rsync. Please review the CVE identifiers referenced below for details. Impact Remote attackers could write arbitrary files via symlink attacks. Workaround There is no know...

CVSS 6.4 | AI score 9.3 | EPSS 0.06499
Exploits: 1

exploitpack
added 2016/05/26 12:0 a.m. | 33 views

Micro Focus Rumba+ 9.4 - Multiple Stack Buffer Overflow Vulnerabilities

Micro Focus Rumba+ 9.4 - Multiple Stack Buffer Overflow Vulnerabilities Micro Focus Rumba+ v9.4 Multiple Stack Buffer Overflow Vulnerabilities Vendor: Micro Focus Product web page: https://www.microfocus.com Affected version: 9.4.4058.0 and 9.4.0 SP0 Patch0 Affected products/tools : Rumba Desktop...

AI score 0.2
Exploits: 0

Exploit DB
added 2016/05/26 12:0 a.m. | 62 views

Micro Focus Rumba+ 9.4 - Multiple Stack Buffer Overflow Vulnerabilities

Micro Focus Rumba+ v9.4 Multiple Stack Buffer Overflow Vulnerabilities Vendor: Micro Focus Product web page: https://www.microfocus.com Affected version: 9.4.4058.0 and 9.4.0 SP0 Patch0 Affected products/tools : Rumba Desktop 9.4 Rumba 9.4 Trace Rumba 9.4 APPC Configuration Rumba 9.4 AS400...

AI score 7.4
Exploits: 0

RedhatCVE
added 2016/05/24 5:18 p.m. | 66 views

CVE-2016-3088

The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. Mitigation Users are advised to use other FTP and HTTP based file servers for transferring blob messages. Fileserver...

CVSS 9.8 | AI score 2.8 | EPSS 0.98518
Exploits: 19 | References: 2

CNVD
added 2016/05/21 12:0 a.m. | 3 views

Foreman Arbitrary Code Execution Vulnerability

Foreman is a set of lifecycle management tools for use in physical and virtual servers. A security vulnerability in the smart proxy TFTP API in Foreman versions 1.11.x before 1.10.4 and 1.11.2 before 1.11.2 can be exploited by a remote attacker to execute arbitrary code with the help of specially...

CVSS 8.8 | AI score 8.8 | EPSS 0.02839
Exploits: 0 | References: 1

Positive Technologies
added 2016/05/20 12:0 a.m. | 5 views

PT-2016-5685 · Foreman · Foreman

Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.10.4; Foreman versions 1.11.x prior to 1.11.2. Description: The issue allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to "tftp/". This is due to an eval injection...

CVSS 8.8 | AI score 7.5 | EPSS 0.02839
Exploits: 0 | References: 7