Debian Security Advisory DSA 499-1 (rsync)

The remote host is missing an update to rsync announced via advisory DSA 499-1. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

DEBIAN-CVE-2007-5894

The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 krb5 does not initialize the length variable when authtype has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the...

File Transfer 1.2 - Request File Directory Traversal

File Transfer 1.2 - Request File Directory Traversal source: https://www.securityfocus.com/bid/28453/info File Transfer is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue allows an attacker to access arbitrary...

File Transfer 1.2 - Request File Directory Traversal

source: https://www.securityfocus.com/bid/28453/info File Transfer is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue allows an attacker to access arbitrary files outside of the application's root directory. Th...

php CRLF injection

CRLF injection vulnerability in the ftpputcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands...

security flaw

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs...

security flaw

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs...

CVE-2007-5546

Multiple stack-based buffer overflows in TIBCO SmartPGM FX allow remote attackers to execute arbitrary code or cause a denial of service service stop and file-transfer outage via unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information...

FTP protocol PASV design flaw affects konqueror

The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response...

kdelibs KDE JavaScript denial of service (crash)

ecma/kjshtml.cpp in KDE JavaScript KJS, as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service crash by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference...

php CRLF injection

CRLF injection vulnerability in the ftpputcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands...

Design/Logic Flaw

Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a 1 scp, and possibly a 2 sftp or 3 ftp, URL, as demonstrated by a URL specifying login to the remote server with a...

CVE-2007-4909

WinSCP (before 4.0.4) is affected by an interpretation conflict in its URL handler that lets remote attackers perform arbitrary file transfers via certain scp/sftp/ftp URLs, by abusing a login-as-username on the URL which is parsed differently by the protocol handler. The issue is described as a ...

WinSCP < 4.0.4 URL Protocol Handler Arbitrary File Transfer

Binary data 4214.prm...

WinSCP &lt; 4.04 url protocol handler flaw

-Affected products: WinSCP 4.03 and older -Details: By default WinSCP installs url protocol handlers for the scp:// and sftp:// protocols. These could be used by malicious web content to automatically upload any file from the local system to a remote server, or automatically download files from a...

WinSCP URL Protocol Handler Arbitrary File Transfer

According to its version, the installation of WinSCP on the remote host fails to completely sanitize input to the SCP and SFTP protocol handlers. If an attacker can trick a user on the affected host into clicking on a malicious link, a file transfer can be initiated to or from the affected host. ...

magellan-traverse.txt

HISPASEC Security Advisory http://blog.hispasec.com/lab/ Name : 2K7SEPT6 Magellan Explorer 3.32 build 2305 Remote FTP Client Directory Traversal Class : Remote Directory Traversal Threat level : HIGH Discovered : 2007-08-14 Published : 2007-09-06 Credit : Gynvael Coldwind Vulnerable : 3.32 built...

Buffer overflow

Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service application crash via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe. NOTE: this might be related to CVE-2007-4515. NOTE: the provenance of this...

CVE-2007-4635

CVE-2007-4515 and CVE-2007-4635 pertain to Yahoo! Messenger, targeting the YVerInfo.dll ActiveX control. The root cause is a buffer overflow in the ActiveX methods fvCom and info, exploitable by crafted inputs. CVE-2007-4515 describes a pre-8.1.0.419 condition allowing remote code execution; CVE-...

Yahoo! Messenger 8.1 - File Transfer Denial of Service

Yahoo! Messenger 8.1 - File Transfer Denial of Service source: https://www.securityfocus.com/bid/25484/info Yahoo! Messenger is prone to a denial-of-service vulnerability because it fails to handle certain file-transfer packets. Attackers can exploit this issue to crash the application, causing...