3489 matches found
php: integer overflow leading to heap overflow when reading FTP file listing
An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code...
Accellion FTA 'statecode' Cookie Arbitrary File Read
This module exploits a file disclosure vulnerability in the Accellion File Transfer appliance. This vulnerability is triggered when a user-provided 'statecode' cookie parameter is appended to a file path that is processed as a HTML template. By prepending this cookie with directory traversal...
Accellion FTA getStatus verify_oauth_token Command Execution
This module exploits a metacharacter shell injection vulnerability in the Accellion File Transfer appliance. This vulnerability is triggered when a user-provided 'oauth_token' is passed into a system call within a mod_perl handler. This module exploits the '/tws/getStatus' endpoint. Other vulnerabl...
AirDroid - Arbitrary File Upload
/IN THE NAME OF GOD /auth====PARSA ADIB import sys,requests,re,urllib2 def logo: print "\t\tAIRDROID VerAll UPLOAD...
[SECURITY] Fedora 22 Update: curl-7.40.0-5.fc22
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
UBUNTU-CVE-2015-4643
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because ...
Jildi FTP Client Local Buffer Overflow Vulnerability
Jildi FTP Client is a set of FTP client programs that run on Windows systems. A local buffer overflow vulnerability exists in Jildi FTP Client that could be exploited by an attacker to crash the application or execute arbitrary code...
I2P - The Invisible Internet Project
I2P is an anonymous network, exposing a simple layer that applications can use to anonymously and securely send messages to each other. The network itself is strictly message based a la IP, but there is a library available to allow reliable streaming communication on top of it a la TCP. All...
PHP FTP Extension List Parsing Heap Overflow Vulnerability
PHP is a general-purpose web programming language. PHP FTP extension heap overflow vulnerability when parsing a list of files allows remote attackers to build special FTP servers that can trigger an overflow when parsed by an application to execute arbitrary code...
SmarTTY - Multi-tabbed SSH Client with SCP Support
SmarTTY is a free multi-tabbed SSH client that supports copying files and directories with SCP on-the-fly and editing files in-place. One SSH session, multiple tabs: most SSH servers support up to 10 sub-sessions per connection. SmarTTY makes the best of it: no annoying multiple windows, no need ...
Problem with directory permissions in JP1/Automatic Operation
Overview: There is a problem with permissions on the file transfer directory in JP1/Automatic Operation. Impact: Malicious local users might read or modify transferred files. Solution: Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
[SECURITY] Fedora 21 Update: libssh-0.6.5-1.fc21
The ssh library was designed to be used by programmers needing a working SSH implementation by means of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...
Wireless File Transfer Pro Android - Multiple CSRF Vulnerabilities
Document Title: Wireless File Transfer Pro Android - CSRF Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1437. Release Date: 2015-02-25. Vulnerability Laboratory ID (VL-ID): ...
[SECURITY] Fedora 21 Update: mingw-curl-7.42.0-1.fc21
cURL is a tool for getting files from HTTP, FTP, FILE, LDAP, LDAPS, DICT, TELNET and TFTP servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. cURL offers many useful capabilities, like proxy support, user authentication, F...
Wing FTP Server Admin /admin_event_list.html type Cross Site Scripting Vulnerability
Wing FTP Server is a professional cross-platform FTP server with good speed, reliability and a friendly configuration interface. The handling of the type parameter in Wing FTP Server Admin /admin_event_list.html has a cross-site scripting vulnerability that allows remote attackers to exploit the vulnerabilit...
Vulnerabilities in the Debian GNU/Linux operating system that allow a local malicious individual to compromise the confidentiality, integrity, and accessibility of protected information
The numerous vulnerabilities in the ftpd package of the Debian GNU/Linux operating system can be exploited, leading to a violation of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited by local malicious individuals...
Mandriva Linux Security Advisory : librsync (MDVSA-2015:204)
Updated librsync packages fix a security vulnerability: librsync before 1.0.0 used a truncated MD4 strong checksum to match blocks. However, MD4 is not cryptographically strong. It's possible that an attacker who can control the contents of one part of a file could use it to control other regions...
MobaXterm - Terminal for Windows with X11 server, tabbed SSH client, network tools and much more...
MobaXterm is your ultimate toolbox for remote computing. In a single Windows application, it provides loads of functions that are tailored for programmers, webmasters, IT administrators and pretty much all users who need to handle their remote jobs in a more simple fashion. MobaXterm provides all...