19 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-36254
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685. CVE-2020-36254 Note that Nessus relies on...
Linux Distros Unpatched Vulnerability : CVE-2019-7282
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The...
SUSE CVE-2005-3007
Opera before 8.50 allows remote attackers to spoof the content type of files via a filename with a trailing "." dot, which might allow remote attackers to trick users into processing dangerous content...
SUSE CVE-2018-20685
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side...
SUSE CVE-2019-25018
In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client side. NOTE: MIT...
VulnCheck KEV: CVE-2021-25094
The Tatsu WordPress plugin before 3.3.12 addcustomfont action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control...
UBUNTU-CVE-2020-36254
scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685...
CVE-2020-36254
scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685...
VulnCheck KEV: CVE-2018-20685
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side...
openssh: scp client improper directory name validation
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side...
The vulnerability of the OpenSSH cryptographic protection is caused by errors in checking the name of the scp.c directory on the client scp, which allows a hacker to alter the access rights to the target directory.
The vulnerability of the OpenSSH cryptographic protection arises due to errors in checking the name of the scp.c directory on the scp client. Exploiting this vulnerability allows a malicious actor to alter the access rights to the target directory by using the file name “.” or an empty file name...
The vulnerability of the OpenSSH cryptographic protection is caused by errors in checking the name of the scp.c directory on the client scp, which allows a hacker to alter the access rights to the target directory.
The vulnerability of the OpenSSH cryptographic protection arises due to errors in checking the name of the scp.c directory on the scp client. Exploiting this vulnerability allows a malicious actor to alter the access rights to the target directory by using the file name “.” or an empty file name...
UBUNTU-CVE-2019-7282
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685...
DEBIAN-CVE-2019-7282
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685...
ALPINE-CVE-2018-20685
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side...
DEBIAN-CVE-2018-20685
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side...
CVE-2018-20685
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side...
UBUNTU-CVE-2018-20685
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side...
CVE-2013-5576
administrator/components/commedia/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . dot...