1207 matches found

Cvelist
added 2020/07/07 1:14 p.m. | 17 views

CVE-2020-15575

SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated by Tenable Scan, aka Case Number 00484194...

AI score: 6.1 | EPSS: 0.01505
Exploits: 0 | References: 1

CVE
added 2020/07/07 1:13 p.m. | 49 views

CVE-2020-15576

CVE-2020-15576 affects SolarWinds Serv-U File Server prior to version 15.2.1. The vulnerability enables information disclosure via an HTTP response. The vulnerability is documented across multiple sources (including Red Hat and CNVD/CVE records) confirming the affected product as SolarWinds Serv-...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.01548
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/07/07 1:13 p.m. | 11 views

CVE-2020-15576

SolarWinds Serv-U File Server before 15.2.1 allows information disclosure via an HTTP response...

AI score: 7.3 | EPSS: 0.01548
Exploits: 0 | References: 1

RedHat Linux
added 2020/06/22 1:8 p.m. | 3 views

httpd: mod_proxy_ftp use of uninitialized value

A flaw was found in Apache's HTTP server (httpd). The mod_proxy_ftp module may use uninitialized memory when proxying to a malicious FTP server. The highest threat from this vulnerability is to data confidentiality...

CVSS: 5.3 | AI score: 7.1 | EPSS: 0.51951
Exploits: 0 | References: 5

Exploit DB
added 2020/06/10 12:0 a.m. | 899 views

HFS Http File Server 2.3m Build 300 - Buffer Overflow (PoC)

Exploit Title: HFS Http File Server 2.3m Build 300 - Buffer Overflow PoC; Date: 2020-06-05; Exploit Author: hyp3rlinx; Vendor Homepage: www.rejetto.com; CVE: CVE-2020-13432; Credits: John Page aka hyp3rlinx; Website: hyp3rlinx.altervista.org; Source:...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.32755
Exploits: 5

Microsoft KB
added 2020/06/09 7:0 a.m. | 79 views

June 9, 2020—KB4561649 (OS Build 10240.18608)

June 9, 2020—KB4561649 (OS Build 10240.18608). For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. Highlights: Updates to improve security when using Internet Explorer. Updates to improve...

CVSS: 9.3 | AI score: 7.4 | EPSS: 0.59518
Exploits: 2

Microsoft KB
added 2020/06/09 7:0 a.m. | 96 views

June 9, 2020—KB4561621 (OS Build 17134.1550)

June 9, 2020—KB4561621 (OS Build 17134.1550). IMPORTANT: We have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges, we are prioritizing our focus on security updates. Starting in May 2020, we are pausing all optional...

CVSS: 9.3 | AI score: 7.7 | EPSS: 0.59518
Exploits: 1

OSV
added 2020/06/08 6:15 p.m. | 24 views

CVE-2020-13432

rejetto HFS aka HTTP File Server v2.3m Build 300, when virtual files or folders are used, allows remote attackers to trigger an invalid-pointer write access violation via concurrent HTTP requests with a long URI or long HTTP headers...

CVSS: 7.5 | AI score: 7
Exploits: 0 | References: 7

Prion
added 2020/06/08 6:15 p.m. | 16 views

Design/Logic Flaw

rejetto HFS aka HTTP File Server v2.3m Build 300, when virtual files or folders are used, allows remote attackers to trigger an invalid-pointer write access violation via concurrent HTTP requests with a long URI or long HTTP headers...

CVSS: 5 | AI score: 7.6 | EPSS: 0.32755
Exploits: 5 | References: 7 | Affected Software: 1

CVE
added 2020/06/08 5:25 p.m. | 132 views

CVE-2020-13432

The CVE-2020-13432 entry concerns rejetto HFS (HTTP File Server) v2.3m Build 300. The connected docs confirm a remote buffer overflow that, under concurrent HTTP requests with long URIs or long headers, can trigger an invalid-pointer write access violation in hfs.exe, effectively enabling remote ...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.32755
Exploits: 5 | References: 7 | Affected Software: 1

Cvelist
added 2020/06/08 5:25 p.m. | 31 views

CVE-2020-13432

rejetto HFS aka HTTP File Server v2.3m Build 300, when virtual files or folders are used, allows remote attackers to trigger an invalid-pointer write access violation via concurrent HTTP requests with a long URI or long HTTP headers...

AI score: 7.5 | EPSS: 0.32755
Exploits: 5 | References: 7

0day.today
added 2020/06/08 12:0 a.m. | 145 views

HFS Http File Server 2.3m Build 300 Buffer Overflow Exploit

HFS Http File Server version 2.3m build 300 suffers from a remote buffer overflow vulnerability that can lead to a denial of service. Credits: John Page aka hyp3rlinx; Website: hyp3rlinx.altervista.org; Source:...

CVSS: 7.5 | AI score: 0.2 | EPSS: 0.32755
Exploits: 5

Packet Storm
added 2020/06/08 12:0 a.m. | 602 views

HFS Http File Server 2.3m Build 300 Buffer Overflow

Credits: John Page aka hyp3rlinx; Website: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/HFS-HTTP-FILE-SERVER-v2.3-REMOTE-BUFFER-OVERFLOW-DoS.txt; twitter.com/hyp3rlinx; ISR: ApparitionSec; Vendor: www.rejetto.com; Product: HFS Http File Server v2.3m Build 300...

AI score: 0.6 | EPSS: 0.32755
Exploits: 5

CNVD
added 2020/05/11 12:0 a.m. | 4 views

Zoho ManageEngine DataSecurity Plus DataEngine Xnode Server Application Path Traversal Vulnerability

Zoho ManageEngine DataSecurity Plus is a sensitive data management solution from Zoho USA. The product features data leakage prevention, data risk assessment and file server auditing. A path traversal vulnerability exists in the Zoho ManageEngine DataSecurity Plus DataEngine Xnode Server...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.13655
Exploits: 3 | References: 1

0day.today
added 2020/05/09 12:0 a.m. | 74 views

ManageEngine DataSecurity Plus Authentication Bypass Vulnerability

ManageEngine DataSecurity Plus versions prior to 6.0.1 and ADAudit Plus versions prior to 6.0.3 suffer from an authentication bypass vulnerability. ManageEngine DataSecurity Plus Authentication Bypass. Identifiers: CVE-2020-11532, XL-20-002. CVSSv3...

CVSS: 10 | AI score: 9.4 | EPSS: 0.77477
Exploits: 7

Packet Storm
added 2020/05/08 12:0 a.m. | 219 views

ManageEngine DataSecurity Plus Path Traversal / Code Execution

XL-2020-001 - DataSecurity Plus Xnode Server - Remote Code Execution via Path Traversal. Identifiers: CVE-2020-11531, XL-20-001. CVSSv3 score...

CVSS: 6.5 | AI score: 0.3 | EPSS: 0.13655
Exploits: 3

Packet Storm
added 2020/05/08 12:0 a.m. | 210 views

ManageEngine DataSecurity Plus Authentication Bypass

XL-2020-002 - DataSecurity Plus Xnode Server - Authentication Bypass. Identifiers: CVE-2020-11532, XL-20-002. CVSSv3 score...

CVSS: 10 | AI score: 0.7 | EPSS: 0.77477
Exploits: 7

IBM Security Bulletins
added 2020/03/17 4:24 p.m. | 25 views

Security Bulletin: IBM Security Guardium is affected by a FileServer functionality vulnerability

Summary: IBM Security Guardium has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2019-4292. DESCRIPTION: IBM Security Guardium could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable web server. CV...

CVSS: 8.8 | AI score: 2 | EPSS: 0.03741
Exploits: 0 | Affected Software: 1

NCSC
added 2020/03/16 12:0 a.m. | 4 views

Vulnerability fixed in glibc

A vulnerability has been fixed in glibc. The vulnerability allows a local malicious party the opportunity to cause a denial-of-service. SUSE: SUSE has made updates available to fix the vulnerability in SUSE 15. You can install these custom packages by using...

CVSS: 5.5 | AI score: 6.7 | EPSS: 0.00758
Exploits: 1

Tenable Nessus
added 2020/02/25 12:0 a.m. | 94 views

EulerOS 2.0 SP8 : samba (EulerOS-SA-2020-1179)

According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.03151
Exploits: 0 | References: 3