Debian DSA-2259-1 : fex - authentication bypass
It was discovered that FEX, a web service for transferring very large files, is not properly validating authentication IDs. While the service properly validates existing authentication IDs, an attacker who is not specifying any authentication ID at all can bypass the authentication procedure. The...
Wing FTP Server Detection
The remote host has an installation of Wing FTP server, which offers file transfer functionality over FTP, FTPS, and SFTP. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(54955); script_version("1.10"); script_set_attribute(attribute:"plugin_modification_date",...
Gadu-Gadu Code Execution / Cross Site Scripting
Vendor: Gadu-Gadu http://gadu-gadu.pl Vulnerable Version: All Vulnerability Type: XSS, Remote Code Execution Risk level: Very High Credit: Kacper Szczesniak Vulnerability Details: Gadu-Gadu improperly handles file transfer requests. It's possible to place 255 chars of HTML code no slash inside th...
Gadu-Gadu 0-Day Remote Code Execution
Vendor: Gadu-Gadu http://gadu-gadu.pl Vulnerable Version: All Vulnerability Type: XSS, Remote Code Execution Risk level: Very High Credit: Kacper Szczesniak Vulnerability Details: Gadu-Gadu improperly handles file transfer requests. It's possible to place 255 chars of HTML co...
Gadu-Gadu Instant Messenger 6.0 - File Transfer Cross-Site Scripting
Gadu-Gadu Instant Messenger 6.0 - File Transfer Cross-Site Scripting source: https://www.securityfocus.com/bid/47957/info Gadu-Gadu Instant Messenger is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to...
Gadu-Gadu Instant Messenger 6.0 - File Transfer Cross-Site Scripting
source: https://www.securityfocus.com/bid/47957/info Gadu-Gadu Instant Messenger is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user ...
Tencent WEB QQ file transfer a tasteless vulnerabilities and fixes-vulnerability warning-the black bar safety net
Brief description: In the file name special characters not carried out inspection and restrictions. Detailed description: 2011-04-12 22:40:58 The other side has agreed to receive "C:\fakepath\1.asa;.jpg", began to transfer files. 2011-04-12 22:41:02 File "1.asa" the transfer is successful...
CentOS Update for vsftpd CESA-2011:0337 centos4 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description) { script_xref(name:"URL",...
Accellion File Transfer Appliance MPIPE2 Command Execution
$Id: accellionftampipe2.rb 11935 2011-03-11 17:37:23Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Accellion FTA MPIPE2 Command Execution
This module exploits a chain of vulnerabilities in the Accellion File Transfer appliance. This appliance exposes a UDP service on port 8812 that acts as a gateway to the internal communication bus. This service uses Blowfish encryption for authentication, but the appliance ships with two easy to...
Accellion File Transfer Appliance MPIPE2 - Command Execution (Metasploit)
$Id: accellionftampipe2.rb 11935 2011-03-11 17:37:23Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
[SECURITY] [DSA 2185-1] proftpd-dfsg security update
Debian Security Advisory DSA-2185-1 http://www.debian.org/security/ Moritz Muehlenhoff March 07, 2011 http://www.debian.org/security/faq -...
Fedora 15 : telepathy-gabble-0.11.7-1.fc15 / telepathy-glib-0.13.13-1.fc15 (2011-1284)
Telepathy-Gabble changes, including a security fix : - fd.o32390: Gabble now treats a request for a ContactSearch channel with Server set to the empty string as equivalent to not specifying a server, and rejects requests where the JID specified for Server is invalid. - fd.o32874: Offline contacts...
PT-2011-1705 · Gnu +2 · Glibc +2
Name of the Vulnerable Software and Affected Versions: glibc affected versions not specified Description: The issue allows remote authenticated users to cause a denial of service, consuming CPU and memory resources, by using crafted glob expressions that do not match any pathnames. This can be...
Ipswitch TFTP Server Directory Traversal
Added: 02/16/2011 BID: 50890 OSVDB: 77455 Background Ipswitch makes software for businesses to manage networks, securely transfer files, and communicate via e-mail. They also provide some free network tools, including a TFTP server. Problem The Ipswitch TFTP Server version 1.0.0.24 has a director...
Accellion File Transfer Appliance multiple security vulnerabilities
Backdoor keys, accounts and firewall rules, code execution, unauthorized access...
SuSE 10 Security Update : pidgin, gaim and finch (ZYPP Patch Number 5573)
specially crafted MSN SLP messages could cause an integer overflow in pidgin. Attackers could potentially exploit that to execute arbitrary code. CVE-2008-2927 - overly long file names in MSN file transfers could crash pidgin. CVE-2008-2955 - SSL certificates were not verified. Therefore pidgin...
Sun Microsystems SunScreen Firewall - Privilege Escalation
Sun Microsystems SunScreen Firewall - Privilege Escalation / Sun Microsystems SunScreen Firewall Root Exploit discovered & exploited by Kingcope January 2011 The SunScreen Firewall can be administrated remotely via a java protocol service which is running on port 3858 on a SunOS machine. This Jav...
Chilkat Software FTP2 - ActiveX Component Remote Code Execution
Chilkat Software FTP2 - ActiveX Component Remote Code Execution obj.UnlockComponent("suntzu"); //needed for file transfer operations, type whatever here obj.Port=21; //configure ftp connection obj.Hostname="192.168.0.1"; //change here obj.ConnectTimeout=5; obj.Passive=1; var x; x=obj.Connect(); if (x=...