Lucene search
K

3504 matches found

Krebs on Security
Krebs on Security
added 2024/11/20 1:12 a.m.20 views

Fintech Giant Finastra Investigating Data Breach

The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world's top 50 banks, notified customers of the security incident...

7AI score
Exploits0
NVD
NVD
added 2024/11/18 4:15 p.m.18 views

CVE-2020-26074

A vulnerability in system file transfer functions of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system. The vulnerability is due to improper validation of path input to the system file transfer functions. An...

7.8CVSS0.00185EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/18 3:56 p.m.15 views

CVE-2020-26074 Cisco SD-WAN vManage Privilege Escalation Vulnerability

A vulnerability in system file transfer functions of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system. The vulnerability is due to improper validation of path input to the system file transfer functions. An...

7.8CVSS0.00185EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/18 3:56 p.m.10 views

CVE-2020-26074 Cisco SD-WAN vManage Privilege Escalation Vulnerability

A vulnerability in system file transfer functions of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system. The vulnerability is due to improper validation of path input to the system file transfer functions. An...

7.8CVSS7.6AI score0.00185EPSS
Exploits0References2
OSV
OSV
added 2024/11/12 1:15 p.m.5 views

CVE-2024-46894

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 3. The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured...

5.4CVSS7.2AI score0.00262EPSS
Exploits0References1
OSV
OSV
added 2024/11/12 1:15 p.m.5 views

CVE-2024-46888

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 3. The affected application does not properly sanitize user provided paths for SFTP-based file up- and downloads. This could allow an authenticated remote attacker to manipulate arbitrary files on the filesystem and...

9.9CVSS6.2AI score0.00882EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/12 12:0 a.m.3 views

Progress Software WS_FTP Server 安全漏洞

Progress Software WSFTP Server is an effective and highly manageable FTP server from Progress Software, Inc. A security vulnerability exists in Progress Software WSFTP Server versions prior to 8.8.9 that stems from an incorrect implementation of the authentication algorithm in the Web Transfer...

6.5CVSS6.8AI score0.00413EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/11/12 12:0 a.m.5 views

PT-2024-39990

Name of the Vulnerable Software and Affected Versions WS FTP Server versions prior to 8.8.9 Description The issue is related to an incorrect implementation of the authentication algorithm in the Web Transfer Module, allowing users to bypass the second-factor verification and log in using only the...

6.5CVSS5.8AI score0.00413EPSS
Exploits1References6
CNNVD
CNNVD
added 2024/11/12 12:0 a.m.4 views

Siemens SINEC INS 安全漏洞

Siemens SINEC INS is a software from Siemens, Germany, that provides centralized services for network infrastructures. An unauthorized access vulnerability exists in Siemens SINEC INS, which could be exploited by an attacker to obtain information about the user list of the SFTP service...

6.3CVSS6.4AI score0.00262EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2024/11/01 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-45440

A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17ABPC.3C0, which processes symbolic links on external storage media. A local authenticated attacker with administrator privileges could abuse this vulnerability to access the root file system by creating a...

4.4CVSS5.8AI score0.00249EPSS
Exploits0References1
OSV
OSV
added 2024/10/30 2:15 p.m.3 views

CVE-2024-33700

The LevelOne WBR-6012 router firmware R0.40e6 suffers from an input validation vulnerability within its FTP functionality, enabling attackers to cause a denial of service through a series of malformed FTP commands. This can lead to device reboots and service disruption...

7.5CVSS5.8AI score0.0083EPSS
Exploits1References2
OSV
OSV
added 2024/10/30 2:15 p.m.2 views

CVE-2024-32946

A vulnerability in the LevelOne WBR-6012 router's firmware version R0.40e6 allows sensitive information to be transmitted in cleartext via Web and FTP services, exposing it to network sniffing attacks...

5.9CVSS5.8AI score0.00282EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2024/10/30 11:0 a.m.21 views

Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code

Cybersecurity researchers have discovered a new malicious Python package that masquerades as a cryptocurrency trading tool but harbors functionality designed to steal sensitive data and drain assets from victims' crypto wallets. The package, named "CryptoAITools," is said to have been distributed...

6.6AI score
Exploits0
CNNVD
CNNVD
added 2024/10/30 12:0 a.m.4 views

LevelOne WBR-6012 输入验证错误漏洞

The LevelOne WBR-6012 is a wireless router from LevelOne. The LevelOne WBR-6012 suffers from an Input Authentication Error vulnerability that originates from a series of incorrectly formatted FTP commands that can lead to a denial of service...

7.5CVSS6.7AI score0.0083EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/10/30 12:0 a.m.2 views

PT-2024-24993 · Levelone · Levelone Wbr-6012

Name of the Vulnerable Software and Affected Versions: LevelOne WBR-6012 router version R0.40e6 Description: A vulnerability in the LevelOne WBR-6012 router's firmware allows sensitive information to be transmitted in cleartext via Web and FTP services, exposing it to network sniffing attacks...

5.9CVSS6.9AI score0.00282EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/10/30 12:0 a.m.8 views

PT-2024-25456 · Levelone · Levelone Wbr-6012

Name of the Vulnerable Software and Affected Versions: LevelOne WBR-6012 router firmware version R0.40e6 Description: The issue is related to an input validation vulnerability within the FTP functionality, allowing attackers to cause a denial of service through a series of malformed FTP commands...

7.5CVSS7.2AI score0.0083EPSS
Exploits1References6
BDU FSTEC
BDU FSTEC
added 2024/10/30 12:0 a.m.6 views

The vulnerability of the Xlight file server exists due to a mistake caused by integer overflow, allowing attackers to execute arbitrary code by sending specially crafted SFTP packets.

The vulnerability of the Xlight file server exists due to a mistake caused by integer overflow. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending specially crafted SFTP packets...

10CVSS6AI score0.01115EPSS
Exploits0References3Affected Software1
Cisco
Cisco
added 2024/10/23 4:0 p.m.14 views

Cisco Adaptive Security Appliance and Firepower Threat Defense Software TLS Denial of Service Vulnerability

A vulnerability in the TLS cryptography functionality of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service DoS condition. This...

8.6CVSS8.5AI score0.00518EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/22 12:0 a.m.3 views

Xlight FTP 输入验证错误漏洞

Xlight FTP is a high performance and easy to use FTP server software from Xlight FTP Inc. Make file transfers secure and easy to use. A security vulnerability exists in Xlight FTP versions prior to 3.9.4.3 that stems from an integer overflow in the SFTP server packet parsing logic, which could le...

9.8CVSS7AI score0.01115EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/16 12:0 a.m.3 views

SolarWinds Serv-U 跨站脚本漏洞

SolarWinds Serv-U is an FTP File Transfer Protocol server software from the US-based SolarWinds Corporation. A cross-site scripting vulnerability exists in SolarWinds Serv-U version 15.4.2.3 and earlier, which stems from vulnerability to a cross-site scripting attack that allows an authenticated...

4.8CVSS5.7AI score0.00825EPSS
Exploits0References2
Rows per page
Query Builder