Lucene search
K

1807 matches found

RedHat Linux
RedHat Linux
added 2007/10/19 3:36 p.m.42 views

Critical: Red Hat Security Advisory: firefox security update

Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way i...

9.3CVSS6AI score0.12736EPSS
Exploits5References4
Mozilla
Mozilla
added 2007/10/18 12:0 a.m.35 views

Possible file stealing through sftp protocol — Mozilla

On Linux machines with gnome-vfs support the smb: and sftp: URI schemes are available in Firefox. Georgi Guninski showed that if an attacker can store the attack page in a mutually accessible location on the target server /tmp perhaps and lure the victim into loading it, the attacker could...

4.3CVSS3.1AI score0.02441EPSS
Exploits1References2Affected Software2
CVE
CVE
added 2007/09/17 5:0 p.m.55 views

CVE-2007-4909

WinSCP (before 4.0.4) is affected by an interpretation conflict in its URL handler that lets remote attackers perform arbitrary file transfers via certain scp/sftp/ftp URLs, by abusing a login-as-username on the URL which is parsed differently by the protocol handler. The issue is described as a ...

9.3CVSS7.1AI score0.03522EPSS
Exploits0References8Affected Software1
Prion
Prion
added 2007/09/14 12:17 a.m.15 views

Design/Logic Flaw

Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and probably 2.x allows remote attackers to execute arbitrary PHP code via a 1 UNC share pathname, or a 2 ftp, 3 ftps, or 4 ssh2.sftp URL, in the pilih parameter, for which PHP remote file inclusion is blocked only for http URLs...

6.8CVSS8.1AI score0.02073EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2007/09/14 12:17 a.m.18 views

CVE-2007-4886

Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and probably 2.x allows remote attackers to execute arbitrary PHP code via a 1 UNC share pathname, or a 2 ftp, 3 ftps, or 4 ssh2.sftp URL, in the pilih parameter, for which PHP remote file inclusion is blocked only for http URLs...

6.8CVSS7.6AI score0.02073EPSS
Exploits0References3
securityvulns
securityvulns
added 2007/09/14 12:0 a.m.31 views

WinSCP unfiltered shell characters security vulnerability

Shell characters problem on sftp:// and scp:// URL handlers...

1.5AI score
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2007/09/14 12:0 a.m.25 views

WinSCP URL Protocol Handler Arbitrary File Transfer

According to its version, the installation of WinSCP on the remote host fails to completely sanitize input to the SCP and SFTP protocol handlers. If an attacker can trick a user on the affected host into clicking on a malicious link, a file transfer can be initiated to or from the affected host. ...

9.3CVSS5.8AI score0.03522EPSS
Exploits0References3
securityvulns
securityvulns
added 2007/05/19 12:0 a.m.37 views

[Full-disclosure] ssh.com ssh-3.2.9.1 sftp server remote off by one

ssh.com ssh-3.2.9.1 sftp server remote off by one ATTENTIONThis has not been tested under reallife conditions ssh-3.2.9.1 which is available from http://ftp.ssh.com/pub/ssh/ contains the same old rootd off by one bug as described bei isec.pl here:...

Exploits0
securityvulns
securityvulns
added 2007/03/25 12:0 a.m.37 views

NetSievben SSH library SFTP DoS

SFTP file descriptors leak...

9.3CVSS1.8AI score0.02408EPSS
Exploits0Affected Software1
Prion
Prion
added 2007/03/24 12:19 a.m.16 views

Buffer overflow

Buffer overflow in the Ne7sshSftp::addOpenHandle function in ne7sshsftp.cpp in NetSieben SSH Library ne7ssh before 1.2.1 allows user-assisted remote SFTP servers to cause a denial of service crash or possibly execute arbitrary code via multiple file transfers, related to multiple open file handle...

9.3CVSS8.8AI score0.02408EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2007/03/24 12:19 a.m.14 views

CVE-2007-1654

Buffer overflow in the Ne7sshSftp::addOpenHandle function in ne7sshsftp.cpp in NetSieben SSH Library ne7ssh before 1.2.1 allows user-assisted remote SFTP servers to cause a denial of service crash or possibly execute arbitrary code via multiple file transfers, related to multiple open file handle...

9.3CVSS8.2AI score0.02408EPSS
Exploits0References3
CVE
CVE
added 2007/03/24 12:0 a.m.52 views

CVE-2007-1654

The CVE-2007-1654 entry maps to NetSieben SSH Library (ne7ssh) before version 1.2.1, where a buffer overflow in Ne7sshSftp::addOpenHandle (ne7ssh_sftp.cpp) can be triggered by user‑assisted remote SFTP servers during multiple file transfers (put/get), leading to a denial of service (crash) and po...

9.3CVSS8.2AI score0.02408EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2007/03/24 12:0 a.m.17 views

CVE-2007-1654

Buffer overflow in the Ne7sshSftp::addOpenHandle function in ne7sshsftp.cpp in NetSieben SSH Library ne7ssh before 1.2.1 allows user-assisted remote SFTP servers to cause a denial of service crash or possibly execute arbitrary code via multiple file transfers, related to multiple open file handle...

8.2AI score0.02408EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2007/03/24 12:0 a.m.7 views

PT-2007-3035 · Netsieben · Netsieben Ssh Library

Name of the Vulnerable Software and Affected Versions: NetSieben SSH Library ne7ssh versions prior to 1.2.1 Description: The issue is related to a buffer overflow in the Ne7sshSftp::addOpenHandle function, which can be triggered by user-assisted remote SFTP servers. This can cause a denial of...

9.3CVSS7.9AI score0.02408EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2007/03/16 12:0 a.m.27 views

GLSA-200703-13 : SSH Communications Security's Secure Shell Server: SFTP privilege escalation

The remote host is affected by the vulnerability described in GLSA-200703-13 SSH Communications Security's Secure Shell Server: SFTP privilege escalation The SSH Secure Shell Server contains a format string vulnerability in the SFTP code that handles file transfers scp2 and sftp2. In some...

6.5CVSS5.8AI score0.10188EPSS
Exploits0References2
Gentoo Linux
Gentoo Linux
added 2007/03/14 12:0 a.m.51 views

SSH Communications Security's Secure Shell Server: SFTP privilege escalation

Background The SSH Secure Shell Server from SSH Communications Security www.ssh.com is a commercial SSH implementation available free for non-commercial use. Description The SSH Secure Shell Server contains a format string vulnerability in the SFTP code that handles file transfers scp2 and sftp2...

6.5CVSS6.6AI score0.10188EPSS
Exploits0
NVD
NVD
added 2007/01/24 1:28 a.m.17 views

CVE-2007-0020

Heap-based buffer overflow in the SFTP protocol handler for Panic Transmit Transmit.app up to 3.5.5 allows remote attackers to execute arbitrary code via a long ftps:// URL...

9.3CVSS8.1AI score0.07785EPSS
Exploits0References7
Prion
Prion
added 2007/01/24 1:28 a.m.14 views

Heap overflow

Heap-based buffer overflow in the SFTP protocol handler for Panic Transmit Transmit.app up to 3.5.5 allows remote attackers to execute arbitrary code via a long ftps:// URL...

9.3CVSS8.7AI score0.07785EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2007/01/24 1:0 a.m.6 views

EUVD-2007-0024

Heap-based buffer overflow in the SFTP protocol handler for Panic Transmit Transmit.app up to 3.5.5 allows remote attackers to execute arbitrary code via a long ftps:// URL...

9.3CVSS8AI score0.07785EPSS
Exploits0References8
Cvelist
Cvelist
added 2007/01/24 1:0 a.m.28 views

CVE-2007-0020

Heap-based buffer overflow in the SFTP protocol handler for Panic Transmit Transmit.app up to 3.5.5 allows remote attackers to execute arbitrary code via a long ftps:// URL...

8.1AI score0.07785EPSS
Exploits0References7
Rows per page
Query Builder