21 matches found
CVE-2016-10733
ProjectSend (formerly cFTP) r582 is affected by a directory traversal vulnerability that can be triggered through the file parameter (file=../) in the process-zip-download.php query string. This vulnerability is documented in CVE-2016-10733. The impact is described in the associated CVSS metrics ...
CVE-2016-10734
ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php...
CVE-2016-10731
ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selectedclients, clients.php with the request parameter status, process-zip-download.php with the...
CVE-2016-10734
ProjectSend (formerly cFTP) r582 contains an Insecure Direct Object Reference vulnerability in includes/actions.log.export.php. The CNVD entry notes that ProjectSend is a PHP/MySQL self-hosted application, and the NVD entry documents a high-impact issue with access control to object references. T...
CVE-2017-9783
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote attackers to inject arbitrary web script or HTML via the Description field in a Site name updated...
CVE-2017-9783
CVE-2017-9783 affects ProjectSend (formerly cFTP), a PHP/MySQL-based self-hosted app. A Cross-site Scripting (XSS) vulnerability exists in the Description field during a Site name update, allowing remote attackers to inject arbitrary web script or HTML. The issue is tied to commits before 6c37104...
ProjectSend r582 - Multiple Vulnerabilities
Advisory ID: SGMA-16001
Title: ProjectSend multiple vulnerabilities
Product: ProjectSend (previously cFTP)
Version: r582 and probably prior
Vendor: www.projectsend.org
Vulnerability type: SQL-injection, Auth bypass, Arbitrary File Access, Insecure Object Reference
Risk level: 4 / 5
Credit:...
CVE-2014-9580
CVE-2014-9580 concerns a Cross-site scripting (XSS) flaw in ProjectSend (formerly cFTP) version r561. The vulnerability enables remote attackers to inject arbitrary web script or HTML via the Description field of a file upload. This is the concrete, described impact: execution of injected scripts...
CVE-2014-9567
ProjectSend (formerly cFTP) is affected by CVE-2014-9567 via an Unrestricted file upload in process-upload.php, spanning r100–r561. A remote attacker can upload a PHP file and access it in upload/files/ or upload/temp/ to execute arbitrary PHP code. Impact is described as remote code execution wi...
cFTP <= 0.1 (r80) Arbitrary File Upload
No description provided by source. <?php Exploit Title: cFTP <= 0.1 (r80) Arbitrary File Upload Date: 2011-07-29 Author: leviathan vulnerability discovered by Simon Leblanc : https://code.google.com/p/clients-oriented-ftp/issues/detail?id=78 Software Link:...
cftp 0.12 Banner Parsing Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8160/info A buffer overflow vulnerability has been reported in cftp. The vulnerability occurs when cftp is parsing 'Welcome' banner messages from remote FTP servers. When cftp receives an FTP banner exceeding a certain...
CVE-2011-3713
cFTP r80 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/session_check.php and certain other files...
Information disclosure
cFTP r80 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/session_check.php and certain other files...
CVE-2011-3713
CVE-2011-3713 concerns cFTP r80 where a direct request to a PHP file (e.g., templates/session_check.php and similar) can disclose the installation path via an error message, enabling information disclosure. The available documents identify the vulnerable component as part of cFTP r80 and describe...
cFTP <= 0.1 (r80) Arbitrary File Upload
Exploit for php platform in category web applications Software Link: https://code.google.com/p/clients-oriented-ftp/downloads/list Version: 0.1 Tested on: linux // Vulnerable URL $url = 'http://url domain/cFTP/'; // The file to upload $filename = dirname(__FILE__).'/info.php'; $failext = array('php',...
cFTP 0.1 - 'r80' Arbitrary File Upload
Software Link: https://code.google.com/p/clients-oriented-ftp/downloads/list Version: 0.1 Tested on: linux // Vulnerable URL $url = 'http://url domain/cFTP/'; // The file to upload $filename = dirname(__FILE__).'/info.php'; $failext = array('php', 'pl'); $username = 'hackname'.rand(0, 999999);...
cFTP 0.1 - r80 Arbitrary File Upload
cFTP 0.1 - r80 Arbitrary File Upload Software Link: https://code.google.com/p/clients-oriented-ftp/downloads/list Version: 0.1 Tested on: linux // Vulnerable URL $url = 'http://url domain/cFTP/'; // The file to upload $filename = dirname(__FILE__).'/info.php'; $failext = array('php', 'pl'); $username =...
cftp 0.12 - Banner Parsing Buffer Overflow
source: https://www.securityfocus.com/bid/8160/info A buffer overflow vulnerability has been reported in cftp. The vulnerability occurs when cftp is parsing 'Welcome' banner messages from remote FTP servers. When cftp receives an FTP banner exceeding a certain length, it will trigger the overflow...