[slackware-security] lftp security update

lftp is a file transfer program that connects to other hosts using FTP, HTTP, and other protocols. A security problem with lftp has been corrected with the release of lftp-2.6.10. New packages are available for Slackware 8.1, 9.0, 9.1, and -current. Any sites using lftp should upgrade to the new...

msnbug.txt

MSN Messenger bug Release Date: 20/11/03 Discovery date: Sometime around 2001 or 2000 Versions Affected: ------------------ Msn messenger 1.0 - msn messenger 6.0.0602 Windows messenger all versions Not Affected: ------------ Msn Messenger 6.1, trillian, gaim Description: ----------- A bug exists ...

MSN messenger improper file transfer ip-address field parsing

MSN Messenger bug Release Date: 20/11/03 Discovery date: Sometime around 2001 or 2000 Versions Affected: ------------------ Msn messenger 1.0 - msn messenger 6.0.0602 Windows messenger all versions Not Affected: ------------ Msn Messenger 6.1, trillian, gaim Description: ----------- A bug exists ...

IP address leak in MSN messanger

With filte transfer requests it's possible to determine user IP...

YAK! 2.1.0 still vulnerable

YAK! 2.1.0 still vulnerable =========================== for file transfer yak uses ftp mode. Yak! listens on port 3535 for file transfer in ftp mode. vulnerability in the previous version was, they were using constant username and pass combination for ftp login. 2.1.0 version seems to overcome th...

CVE-2003-0831

ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files...

Buffer Overflow in Yahoo messenger Client

Date: Oct 26, 2003 Title: Buffer Overflow in Yahoo messenger Client Vulnerable systems: Yahoo! Messenger version 5.6.0.X Summary: Vulnerability in Yahoo Messenger File Transfer option allows a remote attacker to shut down the victim client. Details: The Yahoo messenger service filters some specia...

Yahoo! Messenger 5.6 - File Transfer Buffer Overrun

Yahoo! Messenger 5.6 - File Transfer Buffer Overrun source: Yahoo! Messenger File Transfer Buffer Overrun Vulnerability Yahoo! Messenger is prone to a remotely exploitable buffer overrun vulnerability. An attacker may trigger this condition by initiating a malformed 'sendfile' request, which the...

ProFTPd 1.2.71.2.8 - .ASCII File Transfer Buffer Overrun

ProFTPd 1.2.71.2.8 - .ASCII File Transfer Buffer Overrun // source: https://www.securityfocus.com/bid/8679/info A remotely exploitable buffer overrun vulnerability has been reported in ProFTPD. This issue could be triggered if an attacker uploads a malformed file and then that file is downloaded ...

Yak! 2.0.1 file trasfer exploit

http://www.digicraft.com.au/yak/ yak 2.0.1 is a software for chattin in lan environment for windows it supports file transfers. the default port it listens is 3535. connecting at 3535 telnet localhost 3535 gives up nice : " 220 ICS FTP Server ready. " meaning for file transfers ftp is being used...

DEBIAN-CVE-2003-0254

Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service CPU consumption by infinite loop when the FTP proxy server fails to create an IPv6 socket...

Multiple bugs in ActiveX components

Local files access in applet com.ms.xml.dso.XMLDSO.class and XMLHTTPConnection ActiveX, buffer overflow in xweb.ocx ActiveX Microsoft DirectX Files Viewer, TSAC and File Transfer Manager FTM ActiveX...

CVE-2003-0505

Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "...." dot dot sequences in a file transfer request...

CVE-2003-0505

Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "...." dot dot sequences in a file transfer request...

core.netmeeting.txt

Core Security Technologies Advisory http://www.coresecurity.com NetMeeting Directory Traversal Vulnerability Date Published: 2003-07-02 Last Update: 2003-07-02 Advisory ID: CORE-2003-0305-04 Bugtraq ID: 7931 CVE Name: None currently assigned. Title: NetMeeting Directory Traversal Vulnerability...

Microsoft NetMeeting directory traversal

Directory traversal during file receiving...

CORE-2003-0305-04: NetMeeting Directory Traversal Vulnerability

Core Security Technologies Advisory http://www.coresecurity.com NetMeeting Directory Traversal Vulnerability Date Published: 2003-07-02 Last Update: 2003-07-02 Advisory ID: CORE-2003-0305-04 Bugtraq ID: 7931 CVE Name: None currently assigned. Title: NetMeeting Directory Traversal Vulnerability...

CVE-2002-1943

SafeTP 1.46, when network address translation NAT is being used, leaks the internal IP address of the FTP server in a response to a passive mode PASV file transfer request...

Multiple FTP clients contain directory traversal vulnerabilities

Overview Multiple File Transfer Protocol FTP clients contain directory traversal vulnerabilities that allow a malicious FTP server to overwrite files on the client host. Description In a typical file transfer operation, one participant the client requests a file while a second participant the...

SafeTP 1.46 - Passive Mode Internal IP Address Revealing

SafeTP 1.46 - Passive Mode Internal IP Address Revealing source: https://www.securityfocus.com/bid/5822/info SafeTP is a freely available, open source secure ftp client-server software package. It is available for Unix, Linux, and Microsoft Operating Systems. It has been reported that under some...