3487 matches found
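Tumbleweed SecureTransport vcst_eu.dll ActiveX Control Remote Stack Overflow Vulnerability
BUGTRAQ ID: 28666 Tumbleweed SecureTransport is a secure file transfer solution that allows users to transfer sensitive files over the Internet. A buffer overflow vulnerability exists in the FileTransfer ActiveX control of SecureTransport (vcsten.dll, CLSID:38681fbd-d4cc-4a59-a527-b3136db711d3); a remote attacker could exploit it to take control of the user's system. Related code: interface IActiveXTransfer : IDispatch id0x00000007, helpstring"method TransferFile"...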
tumbleweed-overflow.txt
aushack.com - Vulnerability Advisory. Release Date: 07-Apr-2008 Software: Tumbleweed Communications - SecureTransport FileTransfer http://www.tumbleweed.com/ Description: "Tumbleweed SecureTransport is the industry's most secure Managed File...
Tumbleweed SecureTransport FileTransfer ActiveX BOF Exploit
Exploit for unknown platform in category remote exploits. Tumbleweed SecureTransport FileTransfer ActiveX BOF Exploit. aushack.com - Vulnerability Advisory...
Tumbleweed SecureTransport 4.6.1 FileTransfer - ActiveX Buffer Overflow
aushack.com - Vulnerability Advisory. Release Date: 07-Apr-2008 Software: Tumbleweed Communications - SecureTransport FileTransfer http://www.tumbleweed.com/ Description: "Tumbleweed SecureTransport is the industry's most secure Managed File...
CVE-2008-1564
Directory traversal vulnerability in Dan Costin File Transfer before 1.2f allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in the filename...
CVE-2008-1564
CVE-2008-1564 describes a directory traversal vulnerability in Dan Costin File Transfer, prior to version 1.2f. It allows remote attackers to read arbitrary files by supplying a "..\" sequence in the filename. The NVD entry notes a CVSSv2 base score of 4.3 (Medium) with network access and no auth...
File Transfer (P2P) Detection
The remote service is File Transfer, a peer-to-peer file transfer tool. Note that, as of version 1.2f at least, the application has no support for authenticating access so anyone who can access the port can potentially retrieve or upload files. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
Timbuktu Pro Remote Path Traversal and Log Injection
Timbuktu Pro Remote Path Traversal and Log Injection Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs-research Advisory Information Title: Timbuktu Pro Remote Path Traversal and Log Injection Advisory ID: CORE-2008-0204 Advisory URL:...
Beehive/SendFile.NET - Secure File Transfer Appliance hardcoded credentials
There is hardcoded FTP account sfoutbox/sfoutbox...
Beehive/SendFile.NET - Secure File Transfer Appliance Hardcoded Credentials
Title: Beehive/SendFile.NET - Secure File Transfer Appliance Hardcoded Credentials Vendor: Beehive Software Vendor URL: http://www.thebeehive.com/ Affected File: http://host/sfcommon/SendFile.jar Vendor Contact Date: 7/26/2007 Vendor Response: None Workaround: The simplest way to protect against...
PHP and ASP script upload vulnerability probing and Defense-vulnerability warning-the black bar safety net
1: upload the exploit the principles just for the form format of the upload of asp and php scripts ncnetcat For the submission packet the dos interface to run under: nc-vv www.. com 8 01.txt -vv: echo 8 0: the www port 1.txt: that you want to send the data packet More on method of use please revi...
Cross site request forgery (csrf)
TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of an inbound file-transfer request, before the user has an opportunity to decline the request, which allows remote attackers to truncate arbitrary files in the top level of a home directory...
CVE-2008-0673
TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of an inbound file-transfer request, before the user has an opportunity to decline the request, which allows remote attackers to truncate arbitrary files in the top level of a home directory...
ImageShack Toolbar 4.5.7 FileUploader Class InsecureMethod PoC
No description provided by source. !-- ImageShack Toolbar 4.5.7 FileUploader Class ImageShackToolbar.dll insecure method poc This tool may allow a malicious web page to post arbitrary images on the web from a user hard drive. Images will be visible on ImageShack site, a way for an attacker to...
Debian Security Advisory DSA 499-2 (rsync)
The remote host is missing an update to rsync announced via advisory DSA 499-2. OpenVAS Vulnerability Test $Id: deb4992.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 499-2 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
Debian Security Advisory DSA 499-2 (rsync)
The remote host is missing an update to rsync announced via advisory DSA 499-2. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 499-1 (rsync)
The remote host is missing an update to rsync announced via advisory DSA 499-1. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
DEBIAN-CVE-2007-5894
The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when authtype has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the...
File Transfer 1.2 - Request File Directory Traversal
File Transfer 1.2 - Request File Directory Traversal source: https://www.securityfocus.com/bid/28453/info File Transfer is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue allows an attacker to access arbitrary...