Lucene search
K

901 matches found

curl security advisories
curl security advisories
added 2006/03/20 8:0 a.m.6 views

TFTP Packet Buffer Overflow

libcurl uses the given file part of a TFTP URL in a manner that allows a malicious user to overflow a heap-based memory buffer due to the lack of boundary check. This overflow happens if you pass in a URL with a TFTP protocol prefix "tftp://", using a valid host and a path part that is longer tha...

7.5CVSS8.5AI score0.0509EPSS
Exploits0Affected Software2
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.95 views

TFTP Directory Traversal Vulnerabilities - Active Check

The TFTP Trivial File Transfer Protocol allows remote users to read files without having to log in. This may be a big security flaw, especially if tftpd the TFTP server is not well configured by the admin of the remote host. SPDX-FileCopyrightText: 2005 Michel Arboi Some text descriptions might b...

10CVSS7.4AI score0.12546EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2005/02/10 4:43 p.m.5 views

security flaw

Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline "%0a" before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command...

7.5CVSS6.1AI score0.04437EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2004/11/12 4:46 p.m.5 views

libxml2 various overflows

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 libxml2, and possibly other versions, may allow remote attackers to execute arbitrary code via 1 a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, 2 a long proxy URL containing FTP data that is not properly handled...

10CVSS6.3AI score0.21686EPSS
Exploits1References4
OSV
OSV
added 2003/08/18 4:0 a.m.4 views

DEBIAN-CVE-2003-0254

Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service CPU consumption by infinite loop when the FTP proxy server fails to create an IPv6 socket...

5CVSS6.8AI score0.09185EPSS
Exploits0References1
CERT
CERT
added 2002/12/10 12:0 a.m.25 views

Multiple FTP clients contain directory traversal vulnerabilities

Overview Multiple File Transfer Protocol FTP clients contain directory traversal vulnerabilities that allow a malicious FTP server to overwrite files on the client host. Description In a typical file transfer operation, one participant the client requests a file while a second participant the...

5CVSS6.1AI score0.02776EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2002/07/30 12:0 a.m.114 views

Cisco TFTP Server Long Filename DoS (CSCdy03429)

Trivial File Transfer Protocol TFTP is a protocol which allows for easy transfer of files between network connected devices. A vulnerability has been discovered in the processing of filenames within a TFTP read request when Cisco IOS is configured to act as a TFTP server. This vulnerability is...

7.1CVSS5.3AI score0.09085EPSS
Exploits0References1
OSV
OSV
added 2002/07/26 4:0 a.m.2 views

DEBIAN-CVE-2002-0714

FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses...

7.5CVSS7AI score0.02746EPSS
Exploits0References1
CERT
CERT
added 2002/04/29 12:0 a.m.117 views

File Transfer Protocol allows data connection hijacking via PASV mode race condition

Overview There is a vulnerability in the File Transfer Protocol FTP that allows an attacker to hijack FTP data connections when the client connects using passive mode PASV. Description In FTP PASV mode, the client makes a control connection to the FTP server typically port 21/tcp and requests a...

10CVSS6.4AI score0.0404EPSS
Exploits0References6
NVD
NVD
added 2001/12/31 5:0 a.m.16 views

CVE-2001-1484

Alcatel ADSL modems allow remote attackers to access the Trivial File Transfer Protocol TFTP to modify firmware and configuration via a bounce attack from a system on the local area network LAN side, which is allowed to access TFTP without authentication...

7.5CVSS6.6AI score0.02364EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2001/06/27 12:0 a.m.5 views

PT-2001-1559 · Microsoft · Iis

Name of the Vulnerable Software and Affected Versions: IIS versions 5.0 and earlier Description: The issue allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded. This can be exploited in the FTP service. Recommendations: For...

7.5CVSS6.7AI score0.14724EPSS
Exploits0References5
CERT
CERT
added 2001/04/10 12:0 a.m.15 views

Alcatel ADSL modems grant unauthenticated TFTP access via Bounce Attacks

Overview The San Diego Supercomputer Center SDSC has recently discovered several vulnerabilities in the Alcatel Speed Touch line of Asymmetric Digital Subscriber Line ADSL modems. These vulnerabilities are the result of weak authentication and access control policies and result in one or more of...

8.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2000/02/11 12:0 a.m.12 views

PT-2000-1128 · Openssh +1 · Openssh +1

Name of the Vulnerable Software and Affected Versions: OpenSSH affected versions not specified Description: The issue allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP...

10CVSS7.8AI score0.99506EPSS
Exploits207References335
Vulnrichment
Vulnrichment
added 1999/09/29 4:0 a.m.2 views

CVE-1999-0035

Race condition in signal handling routine in ftpd, allowing read/write arbitrary files...

6.6AI score0.00815EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 1999/01/01 5:0 a.m.1 views

CVE-1999-0614

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration CCE. Notes: the former description i...

5.3AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 1999/01/01 5:0 a.m.1 views

CVE-1999-0616

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration CCE. Notes: the former description i...

5.4AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 1997/12/10 12:0 a.m.4 views

PT-1997-1005 · Ibm +8 · Aix +10

Name of the Vulnerable Software and Affected Versions: FTP servers affected versions not specified Description: The issue allows an attacker to connect to arbitrary ports on machines other than the FTP client. This is also known as FTP bounce. Recommendations: At the moment, there is no informati...

7.5CVSS5.9AI score0.01959EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 1997/09/01 12:0 a.m.5 views

PT-1997-1084 · Linux · Linux Tftp

Name of the Vulnerable Software and Affected Versions: Linux TFTP affected versions not specified Description: The issue allows access to files outside the restricted directory in Linux implementations of TFTP. Recommendations: At the moment, there is no information about a newer version that...

6.4CVSS6AI score0.01555EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 1997/06/11 12:0 a.m.5 views

PT-1997-1042 · Sgi · Irix

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue concerns a file descriptor leak in the getcwd function when using FTP. Recommendations: At the moment, there is no information about a newer version that contains a fix fo...

5CVSS6.3AI score0.01758EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 1997/01/01 12:0 a.m.5 views

PT-1997-1093 · Ftp · Ftp

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: A quote cwd command on FTP servers can reveal the full path of the home directory of the "ftp" user. Recommendations: At the moment, there is no information about a newer version th...

6.4CVSS6.3AI score0.06212EPSS
Exploits0References2
Rows per page
Query Builder