Lucene search
K

3527 matches found

Vulnrichment
Vulnrichment
added 2024/11/26 7:27 a.m.10 views

CVE-2024-8160

Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files from/to the Axis device. This flaw can only be exploited after authenticati...

3.8CVSS7.2AI score0.00614EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/26 12:0 a.m.4 views

PT-2024-38846

Name of the Vulnerable Software and Affected Versions: AXIS OS versions prior to the patched version Description: The VAPIX API ftptest.cgi did not have sufficient input validation, allowing for a possible command injection. This could lead to the ability to transfer files from or to the Axis...

3.8CVSS5.4AI score0.00614EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/11/26 12:0 a.m.8 views

The vulnerability of the SFTP module in the software for managing network infrastructure of SINEC INS allows a perpetrator to execute arbitrary code.

The vulnerability of the SFTP module in the SINEC INS software for managing network infrastructure is related to errors in file upload path cleaning. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9.9CVSS7.8AI score0.00882EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/11/22 12:0 a.m.3 views

AIPHONE IX SYSTEM和AIPHONE IXG SYSTEM 安全漏洞

AIPHONE IX SYSTEM and AIPHONE IXG SYSTEM are both products of AIPHONE CORPORATION Japan AIPHONE IX SYSTEM is an IP visual intercom system.AIPHONE IXG SYSTEM is an IP-based residential system. A security vulnerability exists in AIPHONE IX SYSTEM and AIPHONE IXG SYSTEM that stems from the presence ...

5.4CVSS5.7AI score0.00325EPSS
Exploits0References5
Krebs on Security
Krebs on Security
added 2024/11/20 1:12 a.m.20 views

Fintech Giant Finastra Investigating Data Breach

The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world's top 50 banks, notified customers of the security incident...

7AI score
Exploits0
NVD
NVD
added 2024/11/18 4:15 p.m.18 views

CVE-2020-26074

A vulnerability in system file transfer functions of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system. The vulnerability is due to improper validation of path input to the system file transfer functions. An...

7.8CVSS0.00185EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/18 3:56 p.m.10 views

CVE-2020-26074 Cisco SD-WAN vManage Privilege Escalation Vulnerability

A vulnerability in system file transfer functions of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system. The vulnerability is due to improper validation of path input to the system file transfer functions. An...

7.8CVSS7.6AI score0.00185EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/18 3:56 p.m.16 views

CVE-2020-26074 Cisco SD-WAN vManage Privilege Escalation Vulnerability

A vulnerability in system file transfer functions of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system. The vulnerability is due to improper validation of path input to the system file transfer functions. An...

7.8CVSS0.00185EPSS
Exploits0References2
OSV
OSV
added 2024/11/12 1:15 p.m.5 views

CVE-2024-46894

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 3. The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured...

5.4CVSS7.2AI score0.00262EPSS
Exploits0References1
OSV
OSV
added 2024/11/12 1:15 p.m.5 views

CVE-2024-46888

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 3. The affected application does not properly sanitize user provided paths for SFTP-based file up- and downloads. This could allow an authenticated remote attacker to manipulate arbitrary files on the filesystem and...

9.9CVSS6.2AI score0.00882EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/12 12:0 a.m.4 views

Progress Software WS_FTP Server 安全漏洞

Progress Software WSFTP Server is an effective and highly manageable FTP server from Progress Software, Inc. A security vulnerability exists in Progress Software WSFTP Server versions prior to 8.8.9 that stems from an incorrect implementation of the authentication algorithm in the Web Transfer...

6.5CVSS6.8AI score0.00413EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/11/12 12:0 a.m.6 views

PT-2024-39990

Name of the Vulnerable Software and Affected Versions WS FTP Server versions prior to 8.8.9 Description The issue is related to an incorrect implementation of the authentication algorithm in the Web Transfer Module, allowing users to bypass the second-factor verification and log in using only the...

6.5CVSS5.8AI score0.00413EPSS
Exploits1References6
CNNVD
CNNVD
added 2024/11/12 12:0 a.m.5 views

Siemens SINEC INS 安全漏洞

Siemens SINEC INS is a software from Siemens, Germany, that provides centralized services for network infrastructures. An unauthorized access vulnerability exists in Siemens SINEC INS, which could be exploited by an attacker to obtain information about the user list of the SFTP service...

6.3CVSS6.4AI score0.00262EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2024/11/01 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-45440

A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17ABPC.3C0, which processes symbolic links on external storage media. A local authenticated attacker with administrator privileges could abuse this vulnerability to access the root file system by creating a...

4.4CVSS5.8AI score0.00249EPSS
Exploits0References1
OSV
OSV
added 2024/10/30 2:15 p.m.3 views

CVE-2024-33700

The LevelOne WBR-6012 router firmware R0.40e6 suffers from an input validation vulnerability within its FTP functionality, enabling attackers to cause a denial of service through a series of malformed FTP commands. This can lead to device reboots and service disruption...

7.5CVSS5.8AI score0.0083EPSS
Exploits1References2
OSV
OSV
added 2024/10/30 2:15 p.m.2 views

CVE-2024-32946

A vulnerability in the LevelOne WBR-6012 router's firmware version R0.40e6 allows sensitive information to be transmitted in cleartext via Web and FTP services, exposing it to network sniffing attacks...

5.9CVSS5.8AI score0.00282EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2024/10/30 11:0 a.m.21 views

Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code

Cybersecurity researchers have discovered a new malicious Python package that masquerades as a cryptocurrency trading tool but harbors functionality designed to steal sensitive data and drain assets from victims' crypto wallets. The package, named "CryptoAITools," is said to have been distributed...

6.6AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/10/30 12:0 a.m.3 views

PT-2024-24993 · Levelone · Levelone Wbr-6012

Name of the Vulnerable Software and Affected Versions: LevelOne WBR-6012 router version R0.40e6 Description: A vulnerability in the LevelOne WBR-6012 router's firmware allows sensitive information to be transmitted in cleartext via Web and FTP services, exposing it to network sniffing attacks...

5.9CVSS6.9AI score0.00282EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/10/30 12:0 a.m.6 views

LevelOne WBR-6012 输入验证错误漏洞

The LevelOne WBR-6012 is a wireless router from LevelOne. The LevelOne WBR-6012 suffers from an Input Authentication Error vulnerability that originates from a series of incorrectly formatted FTP commands that can lead to a denial of service...

7.5CVSS6.7AI score0.0083EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/10/30 12:0 a.m.8 views

PT-2024-25456 · Levelone · Levelone Wbr-6012

Name of the Vulnerable Software and Affected Versions: LevelOne WBR-6012 router firmware version R0.40e6 Description: The issue is related to an input validation vulnerability within the FTP functionality, allowing attackers to cause a denial of service through a series of malformed FTP commands...

7.5CVSS7.2AI score0.0083EPSS
Exploits1References6
Rows per page
Query Builder