CVE-2001-1484

Alcatel ADSL modems allow remote attackers to access the Trivial File Transfer Protocol TFTP to modify firmware and configuration via a bounce attack from a system on the local area network LAN side, which is allowed to access TFTP without authentication...

EFTP Version 2.0.7.337 vulnerabilities

EFTP Version 2.0.7.337 vulnerabilities According to their site @ www.eftp.org "EFTP is a 32bit combined Client/Server application, basically 2 programs in one. EFTP incorporates the 448bit Blowfish Encryption Algorithm and the FTP protocol RFC 959 implementation to provide secure file transfers...

CVE-2001-0623

sendfiled, as included with Simple Asynchronous File Transfer SAFT, on various Linux systems does not properly drop privileges when sending notification emails, which allows local attackers to gain privileges...

PT-2001-1056 · Mit · Krb5-Configs +5

Name of the Vulnerable Software and Affected Versions: krb5-workstation versions 1.1.1 through 1.2.2 krb5-configs version 1.1.1 krb5-devel versions 1.1.1 through 1.2.2 krb5-server versions 1.1.1 through 1.2.2 krb5-libs version 1.1.1 krb5 version 1.1.1 through 1.2.2 Description: The issue affects...

CVE-2001-0623

sendfiled, as included with Simple Asynchronous File Transfer SAFT, on various Linux systems does not properly drop privileges when sending notification emails, which allows local attackers to gain privileges...

PT-2001-1559 · Microsoft · Iis

Name of the Vulnerable Software and Affected Versions: IIS versions 5.0 and earlier Description: The issue allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded. This can be exploited in the FTP service. Recommendations: For...

PT-2001-1477 · Hewlett Packard · Hp-Ux

Name of the Vulnerable Software and Affected Versions: HPUX version 11 Description: The issue allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings. This is due to a buffer overflow in the FTP serve...

Alcatel ADSL modems grant unauthenticated TFTP access via Bounce Attacks

Overview The San Diego Supercomputer Center SDSC has recently discovered several vulnerabilities in the Alcatel Speed Touch line of Asymmetric Digital Subscriber Line ADSL modems. These vulnerabilities are the result of weak authentication and access control policies and result in one or more of...

Windows (me) printer sharing vulnerability

I'm not sure how much of this is common knowledge or not but since a quick search showed nothing I felt it appropriate to share with the community. I apologize in advance for the length of writing. One of the new "features" of Windows ME that immediately caught my eye was that as soon as I got...

AOL Instant Messenger DoS

AOL Instant Messenger version 4.1.2010 others? appears to be vulnerable to a DoS attack when handling file transfers with filenames containing s. The problem I encountered is that trying to send a file to crash my victim's client would cause my client to crash first, defeating the purpose. To get...

scp.hole.txt

This issue appears quite often - tar suffers from problem of this kind as well using cute symlink tricks, you can create an archive, which, when unpacked, can overwrite or create specific files anywhere in your filesystem. This time, similar scp vulnerability has been found and acknowledged in ss...

CVE-2000-0646

WFTPD and WFTPD Pro 2.41 are vulnerable to information disclosure: a remote attacker can obtain the real file pathname by issuing a STATUS (STAT) command during a transfer, exposing filesystem paths. The provided documents do not specify an official fix or remediation, nor exploitation status bey...

WFTPD 2.4.1RC11 - 'STAT'/'LIST' Denial of Service

source: https://www.securityfocus.com/bid/1506/info WFTPD versions prior to 2.4.1RC11 suffer from a number of vulnerabilities. 1 Issuing a STAT command while a LIST is in progress will cause the ftp server to crash. 2 If the REST command is used to write past the end of a file or to a non-existan...

CVE-2000-0383

CVE-2000-0383 concerns AOL Instant Messenger’s file transfer component disclosing the sender’s local file path to the recipient. The CERT/CC entry notes this as an exposure that could enable privacy/security inferences about the sender’s machine. The description in CVE records this behavior; vend...

CVE-2000-0383

The file transfer component of AOL Instant Messenger AIM reveals the physical path of the transferred file to the remote recipient...

CVE-2000-0551

The file transfer mechanism in Danware NetOp 6.0 does not provide authentication, which allows remote attackers to access and modify arbitrary files...

CVE-2000-0383

The file transfer component of AOL Instant Messenger AIM reveals the physical path of the transferred file to the remote recipient...

PT-2000-1128 · Openssh +1 · Openssh +1

Name of the Vulnerable Software and Affected Versions: OpenSSH affected versions not specified Description: The issue allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP...

PT-1999-1521 · War · War Ftp Daemon

Name of the Vulnerable Software and Affected Versions: War FTP Daemon version 1.70 Description: The issue allows remote attackers to cause a denial of service by flooding the War FTP Daemon with connections. Recommendations: For War FTP Daemon version 1.70, consider restricting the number of...

CVE-1999-0035

Race condition in signal handling routine in ftpd, allowing read/write arbitrary files...