266 matches found
ALPINE-CVE-2019-3858
An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory...
UBUNTU-CVE-2019-3858
An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory...
DEBIAN-CVE-2019-3858
An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory...
BSA-2019-767
Security Advisory ID : BSA-2019-767 Component : LIBSSH2 Revision : 1.0: Final libssh2 is a client-side C library implementing the SSH2 protocol.It supports regular terminal, SCP and SFTPsessions; port forwarding, X11 forwarding; password, key-based and keyboard-interactive authentication. Libssh2...
libssh2 out-of-bounds read vulnerability (CNVD-2019-07802 )
libssh2 is a client-side C library that implements the SSH2 protocol, which is capable of executing remote commands, file transfers, and providing a secure transmission channel for remote programs. An out-of-bounds read vulnerability exists in libssh2, which can be exploited by a remote attacker...
libssh2 out-of-bounds read vulnerability (CNVD-2019-07797)
libssh2 is a client-side C library that implements the SSH2 protocol, which is capable of executing remote commands, file transfers, and providing a secure transmission channel for remote programs. An out-of-bounds read vulnerability exists in libssh2, which can be exploited by a remote attacker...
CVE-2018-16792
SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file that allows an attacker to exfiltrate data...
CVE-2018-9068
The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Leno...
Excerpts from Modern Bank Heists – Non Malware Attack Methods
Carbon Black recently published a report on the latest non-malware attack methods, and how to counteract them. For more information about how Cb Defense, Carbon Black's NGAV + EDR solution, helps enterprises address their endpoint security challenges, check out our weekly Cb Defense Live Demo,...
CVE-2016-10710
Biscom Secure File Transfer SFT 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files via crafted requests. Version 5.0.1050 contains the fix...
Design/Logic Flaw
Biscom Secure File Transfer SFT 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files via crafted requests. Version 5.0.1050 contains the fix...
CVE-2016-10710
Biscom Secure File Transfer SFT 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files via crafted requests. Version 5.0.1050 contains the fix...
CVE-2016-10710
Biscom Secure File Transfer SFT 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files via crafted requests. Version 5.0.1050 contains the fix...
CVE-2016-10710
Biscom Secure File Transfer (SFT) versions 5.0.1000–5.0.1048 fail to validate the dataFieldId and use sequential numbers, enabling remote authenticated users to overwrite or read files via crafted requests. The issue is fixed in version 5.0.1050. Affected platforms are Biscom SFT; exact root caus...
Memory leak vulnerability in multiple Huawei products (CNVD-2018-00338)
Huawei DP300, RP200, TE30/40/50/60, and TP3106/3206 are Huawei's all-in-one desktop and high-definition videoconferencing products for high-end customers. A memory leak vulnerability exists in multiple Huawei products, which is due to the program failing to adequately verify messages. An...
PSFTPd Windows FTP Server Memory Misreference Vulnerability
PSFTPd is a suite of FTP server software. The software supports protocols such as FTP, FTPS and SFTP.SFTP component is one of the secure file transfer components. A memory misreference vulnerability exists in the SFTP component of PSFTPd version 10.0.4 Build 729. A remote attacker can exploit thi...
jsch: ChannelSftp path traversal vulnerability
A vulnerability was discovered in JSch that allows a malicious sftp server to force a client-side relative path traversal in jsch's implementation for recursive sftp-get. An attacker could leverage this to write files outside the client's download basedir with effective permissions of the jsch sf...
Biscom Secure File Transfer Detection
Detection of Biscom Secure File Transfer. The script sends a connection request to the server and attempts to detect Biscom Secure File Transfer and to extract its firmware version. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and...
Biscom Secure File Transfer XSS Vulnerability
Biscom Secure File Transfer is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Biscom Secure File Transfer Cross-Site Scripting Vulnerability
Biscom Secure File Transfer SFT is a Web-based file transfer solution from Biscom USA. The solution has features such as file sharing, workspace creation and automatic file cleanup. A cross-site scripting vulnerability exists in the Package Name field in Biscom SFT. A remote attacker could exploi...