Lucene search
K

20 matches found

OpenVAS
OpenVAS
added 2015/10/06 12:0 a.m.17 views

Oracle: Security Advisory (ELSA-2010-0585)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS9.6AI score0.03629EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.24 views

Oracle Linux 5 : lftp (ELSA-2010-0585)

The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2010-0585 advisory. - Related: CVE-2010-2251 - document change of xfer:clobber default value in manpage, respect xfer:clobber on with xfer:auto-rename on old behaviour - Related:...

7.5CVSS5.5AI score0.03629EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2010/10/10 12:0 a.m.15 views

FreeBSD Ports: lftp

The remote host is missing an update to the system as announced in the referenced advisory. VID 29b7e3f4-b6a9-11df-ae63-f255a795cb21 OpenVAS Vulnerability Test $ Description: Auto generated from VID 29b7e3f4-b6a9-11df-ae63-f255a795cb21 Authors: Thomas Reinke Copyright: Copyright c 2010 E-Soft Inc...

7.5CVSS0.03629EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2010/09/04 12:0 a.m.19 views

FreeBSD : lftp -- multiple HTTP client download filename vulnerability (29b7e3f4-b6a9-11df-ae63-f255a795cb21)

The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted...

7.5CVSS5.8AI score0.03629EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2010/08/21 12:0 a.m.15 views

Debian Security Advisory DSA 2085-1 (lftp)

The remote host is missing an update to lftp announced via advisory DSA 2085-1. OpenVAS Vulnerability Test $Id: deb20851.nasl 6614 2017-07-07 12:09:12Z cfischer $ Description: Auto-generated from advisory DSA 2085-1 lftp Authors: Thomas Reinke Copyright: Copyright c 2010 E-Soft Inc...

7.5CVSS0.4AI score0.03629EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2010/08/05 12:0 a.m.23 views

Debian DSA-2085-1 : lftp - missing input validation

It was discovered that in lftp, a command-line HTTP/FTP client, there is no proper validation of the filename provided by the server through the Content-Disposition header; attackers can use this flaw by suggesting a filename they wish to overwrite on the client machine, and then possibly execute...

7.5CVSS6AI score0.03629EPSS
Exploits0References2
Debian
Debian
added 2010/08/03 5:44 p.m.23 views

[SECURITY] [DSA 2085-1] New lftp packages fix file overwrite vulnerability

------------------------------------------------------------------------ Debian Security Advisory DSA-2085-1 [email protected] http://www.debian.org/security/ Sebastien Delafond August 03, 2010 http://www.debian.org/security/faq -...

7.5CVSS6.6AI score0.03629EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2010/08/03 12:0 a.m.26 views

RHEL 5 : lftp (RHSA-2010:0585)

An updated lftp package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5CVSS5.3AI score0.03629EPSS
Exploits0References3
Oracle linux
Oracle linux
added 2010/08/02 12:0 a.m.34 views

lftp security update

3.7.11-4.el55.3 - Related: CVE-2010-2251 - document change of xfer:clobber default value in manpage, respect xfer:clobber on with xfer:auto-rename on old behaviour 3.7.11-4.el55.2 - Related: CVE-2010-2251 - describe new option xfer:auto-rename which could restore old behaviour in manpage...

7.5CVSS0.5AI score0.03629EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2010/07/30 12:0 a.m.22 views

Mandriva Linux Security Advisory : lftp (MDVSA-2010:128)

A vulnerability has been found and corrected in lftp : The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via...

7.5CVSS5.9AI score0.03629EPSS
Exploits0References1
securityvulns
securityvulns
added 2010/07/08 12:0 a.m.52 views

[ MDVSA-2010:128 ] lftp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:128 http://www.mandriva.com/security/ Package : lftp Date : July 6, 2010 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Enterprise Server 5.0 Problem Description: A vulnerability has been found and corrected in...

7.5CVSS9.5AI score0.03629EPSS
Exploits0
OSV
OSV
added 2010/07/06 5:17 p.m.8 views

CVE-2010-2251

The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted...

7AI score
Exploits0References15
CVE
CVE
added 2010/07/06 2:0 p.m.73 views

CVE-2010-2251

CVE-2010-2251 affects the FTP/HTTP client lftp (prior to 4.0.6). The vulnerability arises in the get1 path used by lftpget, where a server-provided filename from Content-Disposition is not properly validated, allowing a remote server to influence the destination filename and potentially overwrite...

7.5CVSS9.4AI score0.03629EPSS
Exploits0References15Affected Software1
Debian CVE
Debian CVE
added 2010/07/06 2:0 p.m.17 views

CVE-2010-2251

The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted...

7.5CVSS7.2AI score0.03629EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2010/07/06 12:0 a.m.19 views

CVE-2010-2251

The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted...

7.5CVSS6.2AI score0.03629EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2010/07/01 12:0 a.m.23 views

Fedora 12 : lftp-4.0.8-1.fc12 (2010-9819)

CVE-2010-2251 lftp: multiple HTTP client download filename vulnerability Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

7.5CVSS5.3AI score0.03629EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2010/06/23 12:0 a.m.21 views

openSUSE Security Update : lftp (openSUSE-SU-2010:0334-1)

This update of lftp improves the filename handling of downloaded files to avoid downloading arbitrary content to unexpected locations like .login. CVE-2010-2251 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE...

7.5CVSS5.5AI score0.03629EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2010/06/23 12:0 a.m.21 views

openSUSE Security Update : lftp (openSUSE-SU-2010:0334-1)

This update of lftp improves the filename handling of downloaded files to avoid downloading arbitrary content to unexpected locations like .login. CVE-2010-2251 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE...

7.5CVSS5.5AI score0.03629EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2010/04/29 12:0 a.m.18 views

Mandriva Update for epiphany MDVA-2010:128 (epiphany)

Check for the Version of epiphany OpenVAS Vulnerability Test Mandriva Update for epiphany MDVA-2010:128 epiphany Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

7.5CVSS9.2AI score0.03629EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2010/04/29 12:0 a.m.15 views

Mandriva Update for epiphany MDVA-2010:128-1 (epiphany)

Check for the Version of epiphany OpenVAS Vulnerability Test Mandriva Update for epiphany MDVA-2010:128-1 epiphany Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

7.5CVSS0.03629EPSS
Exploits0References2
Rows per page
Query Builder