3527 matches found
CVE-2024-8160
Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files from/to the Axis device. This flaw can only be exploited after authenticati...
PT-2024-38846
Name of the Vulnerable Software and Affected Versions: AXIS OS versions prior to the patched version Description: The VAPIX API ftptest.cgi did not have sufficient input validation, allowing for a possible command injection. This could lead to the ability to transfer files from or to the Axis...
The vulnerability of the SFTP module in the software for managing network infrastructure of SINEC INS allows a perpetrator to execute arbitrary code.
The vulnerability of the SFTP module in the SINEC INS software for managing network infrastructure is related to errors in file upload path cleaning. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
AIPHONE IX SYSTEM和AIPHONE IXG SYSTEM 安全漏洞
AIPHONE IX SYSTEM and AIPHONE IXG SYSTEM are both products of AIPHONE CORPORATION Japan AIPHONE IX SYSTEM is an IP visual intercom system.AIPHONE IXG SYSTEM is an IP-based residential system. A security vulnerability exists in AIPHONE IX SYSTEM and AIPHONE IXG SYSTEM that stems from the presence ...
Fintech Giant Finastra Investigating Data Breach
The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world's top 50 banks, notified customers of the security incident...
CVE-2020-26074
A vulnerability in system file transfer functions of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system. The vulnerability is due to improper validation of path input to the system file transfer functions. An...
CVE-2020-26074 Cisco SD-WAN vManage Privilege Escalation Vulnerability
A vulnerability in system file transfer functions of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system. The vulnerability is due to improper validation of path input to the system file transfer functions. An...
CVE-2020-26074 Cisco SD-WAN vManage Privilege Escalation Vulnerability
A vulnerability in system file transfer functions of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system. The vulnerability is due to improper validation of path input to the system file transfer functions. An...
CVE-2024-46894
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 3. The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured...
CVE-2024-46888
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 3. The affected application does not properly sanitize user provided paths for SFTP-based file up- and downloads. This could allow an authenticated remote attacker to manipulate arbitrary files on the filesystem and...
Progress Software WS_FTP Server 安全漏洞
Progress Software WSFTP Server is an effective and highly manageable FTP server from Progress Software, Inc. A security vulnerability exists in Progress Software WSFTP Server versions prior to 8.8.9 that stems from an incorrect implementation of the authentication algorithm in the Web Transfer...
PT-2024-39990
Name of the Vulnerable Software and Affected Versions WS FTP Server versions prior to 8.8.9 Description The issue is related to an incorrect implementation of the authentication algorithm in the Web Transfer Module, allowing users to bypass the second-factor verification and log in using only the...
Siemens SINEC INS 安全漏洞
Siemens SINEC INS is a software from Siemens, Germany, that provides centralized services for network infrastructures. An unauthorized access vulnerability exists in Siemens SINEC INS, which could be exploited by an attacker to obtain information about the user list of the SFTP service...
VulnCheck KEV: CVE-2022-45440
A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17ABPC.3C0, which processes symbolic links on external storage media. A local authenticated attacker with administrator privileges could abuse this vulnerability to access the root file system by creating a...
CVE-2024-33700
The LevelOne WBR-6012 router firmware R0.40e6 suffers from an input validation vulnerability within its FTP functionality, enabling attackers to cause a denial of service through a series of malformed FTP commands. This can lead to device reboots and service disruption...
CVE-2024-32946
A vulnerability in the LevelOne WBR-6012 router's firmware version R0.40e6 allows sensitive information to be transmitted in cleartext via Web and FTP services, exposing it to network sniffing attacks...
Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code
Cybersecurity researchers have discovered a new malicious Python package that masquerades as a cryptocurrency trading tool but harbors functionality designed to steal sensitive data and drain assets from victims' crypto wallets. The package, named "CryptoAITools," is said to have been distributed...
PT-2024-24993 · Levelone · Levelone Wbr-6012
Name of the Vulnerable Software and Affected Versions: LevelOne WBR-6012 router version R0.40e6 Description: A vulnerability in the LevelOne WBR-6012 router's firmware allows sensitive information to be transmitted in cleartext via Web and FTP services, exposing it to network sniffing attacks...
LevelOne WBR-6012 输入验证错误漏洞
The LevelOne WBR-6012 is a wireless router from LevelOne. The LevelOne WBR-6012 suffers from an Input Authentication Error vulnerability that originates from a series of incorrectly formatted FTP commands that can lead to a denial of service...
PT-2024-25456 · Levelone · Levelone Wbr-6012
Name of the Vulnerable Software and Affected Versions: LevelOne WBR-6012 router firmware version R0.40e6 Description: The issue is related to an input validation vulnerability within the FTP functionality, allowing attackers to cause a denial of service through a series of malformed FTP commands...