1207 matches found
PT-2013-70: Multiple Cross-Site Scripting (XSS) in Serv-U File Server
The specialists of the Positive Research center have detected multiple Cross-Site Scripting vulnerabilities in Serv-U File Server. The application does not sufficiently validate parameters that are sent by the client and used in HTM scripts. This vulnerability allows an attacker to execu...
PT-2013-68: Sensitive Information Disclosure in Serv-U File Server
The specialists of the Positive Research center have detected a Sensitive Information Disclosure vulnerability in Serv-U File Server on Windows. The system does not consider that NTFS allows users to address files with extended syntax, while matching the requested resource URL with locations...
PT-2013-66: Cross-Site Request Forgery (CSRF) in Serv-U File Server
The specialists of the Positive Research center have detected a Cross-Site Request Forgery vulnerability in Serv-U File Server. All kinds of web interfaces are vulnerable to Cross-Site Request Forgery (CSRF) attacks. The vulnerability allows an attacker to modify the system configuration. How to fi...
USN-1802-1: Samba vulnerability
It was discovered that Samba incorrectly handled CIFS share attributes when SMB2 was used. A remote authenticated user could possibly gain write access to certain shares, bypassing the intended permissions...
Pakistan Government servers messed up after security breach
Today a cyber attack on Pakistan Government servers crashed the official websites of many Government departments, including Ministry of Information Technology, Ministry of Railways, Ministry of Economic Affairs & Statistics, Ministry of Interior, Ministry of Religious Affairs, Ministry of Science and...
Nmap NSE 6.01: smb-enum-sessions
Enumerates the users logged into a system either locally or through an SMB share. The local users can be logged on either physically on the machine, or through a terminal services session. Connections to an SMB share are, for example, people connected to fileshares or making RPC calls. Nmap's...
QuickShare File Server Directory Traversal
A directory traversal vulnerability has been reported in QuickShare File Server...
HTTP File Server Multiple Vulnerabilities
HTTP File Server is prone to multiple vulnerabilities. CPE = "cpe:/a:httpfilesever:hfs";...
QuickShare File Server 1.2.1 Directory Traversal Vulnerability
This module exploits a vulnerability found in QuickShare File Server's FTP service. By supplying "../" in the file path, it is possible to trigger a directory traversal flaw, allowing the attacker to read a file outside the virtual directory. By default, the "Writable" option is enabled during...
Incorrect permission checks when granting/removing
Description: Samba versions 3.4.x to 3.6.4 inclusive are affected by a vulnerability that allows arbitrary users to modify privileges on a file server. Security checks were incorrectly applied to the Local Security Authority (LSA) remote procedure calls (RPC) CreateAccount, OpenAccount,...
FleaHttpd - Remote Denial of Service
FleaHttpd - Remote Denial of Service !/usr/bin/python """ FleaHttpd Remote Denial Of Service Exploit by condis "FleaHttpd is a http daemon written from scratch in C. When working as a static file server, data show that under certain condition, fleahttpd's speed for static file retrieving can be...
optima apiftp server 1.5.2.13 - Multiple Vulnerabilities
Luigi Auriemma Application: Optima APIFTP Server http://www.optimalog.com/home.html Versions: = 1.5.2.13 Platforms: Windows Bugs: A NULL pointer B endless loop Exploitation: remote Date: 13 Nov 2011 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1 Introduction 2 Bugs 3 The Co...
Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)
This host is missing an important security update according to Mac OS X 10.6.8 Update/Mac OS X Security Update 2011-006. OpenVAS Vulnerability Test $Id: gbmacosxsu11-006.nasl 7029 2017-08-31 11:51:40Z teissa $ Mac OS X v10.6.8 Multiple Vulnerabilities 2011-006 Authors: Rachana Shetty Copyright:...
CVE-2011-3225
The SMB File Server component in Apple Mac OS X 10.7 before 10.7.2 does not prevent all guest users from accessing the share point record of a guest-restricted folder, which allows remote attackers to bypass intended browsing restrictions by leveraging access to the nobody account...
Design/Logic Flaw
The SMB File Server component in Apple Mac OS X 10.7 before 10.7.2 does not prevent all guest users from accessing the share point record of a guest-restricted folder, which allows remote attackers to bypass intended browsing restrictions by leveraging access to the nobody account...
CVE-2011-3225
CVE-2011-3225 affects Apple Mac OS X 10.7 (Lion) SMB File Server. Before 10.7.2, guest users could access the share point record of a guest-restricted folder via the nobody account, bypassing browsing restrictions. Apple fixed this in OS X v10.7.2 / Security Update 2011-006 by applying appropriat...
Mac OS X 10.7.x < 10.7.2 Multiple Vulnerabilities
The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.2. This version contains numerous security-related fixes for the following components: Apache, Application Firewall, ATS, BIND, Certificate Trust Policy, CFNetwork, CoreMedia, CoreProcesses, CoreStorage, Fil...
QuickShare File Share 1.2.1 Directory Traversal
!/usr/bin/python Exploit Title: QuickShare File Share 1.2.1 Directory Traversal Vulnerability Date: 02/03/2011 Author: modpr0be Software Link: http://www.quicksharehq.com/files/qfssetup.exe Vulnerable version: 1.2.1 Tested on: Windows XP SP3 VMware Player 3.1.3 build-324285 CVE : N/A...
quickshare file share 1.2.1 - Directory Traversal (1)
quickshare file share 1.2.1 - Directory Traversal 1 !/usr/bin/python Exploit Title: QuickShare File Share 1.2.1 Directory Traversal Vulnerability Date: 02/03/2011 Author: modpr0be Software Link: http://www.quicksharehq.com/files/qfssetup.exe Vulnerable version: 1.2.1 Tested on: Windows XP SP3...