20 matches found
Oracle: Security Advisory (ELSA-2010-0585)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 5 : lftp (ELSA-2010-0585)
The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2010-0585 advisory. - Related: CVE-2010-2251 - document change of xfer:clobber default value in manpage, respect xfer:clobber on with xfer:auto-rename on old behaviour - Related:...
FreeBSD Ports: lftp
The remote host is missing an update to the system as announced in the referenced advisory. VID 29b7e3f4-b6a9-11df-ae63-f255a795cb21 OpenVAS Vulnerability Test $ Description: Auto generated from VID 29b7e3f4-b6a9-11df-ae63-f255a795cb21 Authors: Thomas Reinke Copyright: Copyright c 2010 E-Soft Inc...
FreeBSD : lftp -- multiple HTTP client download filename vulnerability (29b7e3f4-b6a9-11df-ae63-f255a795cb21)
The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted...
Debian Security Advisory DSA 2085-1 (lftp)
The remote host is missing an update to lftp announced via advisory DSA 2085-1. OpenVAS Vulnerability Test $Id: deb20851.nasl 6614 2017-07-07 12:09:12Z cfischer $ Description: Auto-generated from advisory DSA 2085-1 lftp Authors: Thomas Reinke Copyright: Copyright c 2010 E-Soft Inc...
Debian DSA-2085-1 : lftp - missing input validation
It was discovered that in lftp, a command-line HTTP/FTP client, there is no proper validation of the filename provided by the server through the Content-Disposition header; attackers can use this flaw by suggesting a filename they wish to overwrite on the client machine, and then possibly execute...
[SECURITY] [DSA 2085-1] New lftp packages fix file overwrite vulnerability
------------------------------------------------------------------------ Debian Security Advisory DSA-2085-1 [email protected] http://www.debian.org/security/ Sebastien Delafond August 03, 2010 http://www.debian.org/security/faq -...
RHEL 5 : lftp (RHSA-2010:0585)
An updated lftp package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
lftp security update
3.7.11-4.el55.3 - Related: CVE-2010-2251 - document change of xfer:clobber default value in manpage, respect xfer:clobber on with xfer:auto-rename on old behaviour 3.7.11-4.el55.2 - Related: CVE-2010-2251 - describe new option xfer:auto-rename which could restore old behaviour in manpage...
Mandriva Linux Security Advisory : lftp (MDVSA-2010:128)
A vulnerability has been found and corrected in lftp : The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via...
[ MDVSA-2010:128 ] lftp
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:128 http://www.mandriva.com/security/ Package : lftp Date : July 6, 2010 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Enterprise Server 5.0 Problem Description: A vulnerability has been found and corrected in...
CVE-2010-2251
The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted...
CVE-2010-2251
CVE-2010-2251 affects the FTP/HTTP client lftp (prior to 4.0.6). The vulnerability arises in the get1 path used by lftpget, where a server-provided filename from Content-Disposition is not properly validated, allowing a remote server to influence the destination filename and potentially overwrite...
CVE-2010-2251
The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted...
CVE-2010-2251
The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted...
Fedora 12 : lftp-4.0.8-1.fc12 (2010-9819)
CVE-2010-2251 lftp: multiple HTTP client download filename vulnerability Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
openSUSE Security Update : lftp (openSUSE-SU-2010:0334-1)
This update of lftp improves the filename handling of downloaded files to avoid downloading arbitrary content to unexpected locations like .login. CVE-2010-2251 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE...
openSUSE Security Update : lftp (openSUSE-SU-2010:0334-1)
This update of lftp improves the filename handling of downloaded files to avoid downloading arbitrary content to unexpected locations like .login. CVE-2010-2251 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE...
Mandriva Update for epiphany MDVA-2010:128 (epiphany)
Check for the Version of epiphany OpenVAS Vulnerability Test Mandriva Update for epiphany MDVA-2010:128 epiphany Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
Mandriva Update for epiphany MDVA-2010:128-1 (epiphany)
Check for the Version of epiphany OpenVAS Vulnerability Test Mandriva Update for epiphany MDVA-2010:128-1 epiphany Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...