14 matches found
EUVD-2009-3460
Malware in sbrugna...
EUVD-2008-2394
Malware in sbrugna...
CVE-2009-3478
Argument injection vulnerability in 1 src/content/js/connection/sftp.js and 2 src/content/js/connection/controlSocket.js.in in FireFTP Extension 1.0.5 for Firefox allows remote authenticated SFTP users to cause victims to alter permissions, delete, download, or move the wrong file via a filename...
FireFTP Extension for Firefox SFTP Filename Handling Vulnerability
该漏洞是由于不正确的FireFTP之前将它们传递给psftp.exe某些文件名。这可以被利用来如欺骗用户下载到fire安装目录中的文件或执行通过SFTP服务器上的文件,不需要特别命名SFTP发布业务用户。 成功攻击要求攻击者可以诱骗受害者移动,删除,模式发生变化,或下载一个SFTP服务器特别命名的文件。 据该漏洞在版本1.0.5。其它版本也可能受到影响。 FireFTP 1.x extension for Firefox Update to version 1.0.6. http://fireftp.mozdev.org/...
Code injection
Argument injection vulnerability in 1 src/content/js/connection/sftp.js and 2 src/content/js/connection/controlSocket.js.in in FireFTP Extension 1.0.5 for Firefox allows remote authenticated SFTP users to cause victims to alter permissions, delete, download, or move the wrong file via a filename...
CVE-2009-3478
Argument injection vulnerability in 1 src/content/js/connection/sftp.js and 2 src/content/js/connection/controlSocket.js.in in FireFTP Extension 1.0.5 for Firefox allows remote authenticated SFTP users to cause victims to alter permissions, delete, download, or move the wrong file via a filename...
CVE-2009-3478
Argument injection vulnerability in 1 src/content/js/connection/sftp.js and 2 src/content/js/connection/controlSocket.js.in in FireFTP Extension 1.0.5 for Firefox allows remote authenticated SFTP users to cause victims to alter permissions, delete, download, or move the wrong file via a filename...
CVE-2009-3478
FireFTP Extension 1.0 for Firefox is affected by CVE-2009-3478. An argument injection flaw arises from improper filtering/encoding of a double quote in filenames when FireFTP builds the command to psftp.exe, allowing remote authenticated SFTP users to cause victims to alter permissions, delete, d...
CVE-2008-2399
Directory traversal vulnerability in the FireFTP add-on before 0.98.20080518 for Firefox allows remote FTP servers to create or overwrite arbitrary files via ..\ dot dot backslash sequences in responses to 1 MLSD and 2 LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged f...
Directory traversal
Directory traversal vulnerability in the FireFTP add-on before 0.98.20080518 for Firefox allows remote FTP servers to create or overwrite arbitrary files via ..\ dot dot backslash sequences in responses to 1 MLSD and 2 LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged f...
CVE-2008-2399
Technical details on CVE-2008-2399 are not publicly available in the provided connected documents. Monitor for updates.
CVE-2008-2399
Directory traversal vulnerability in the FireFTP add-on before 0.98.20080518 for Firefox allows remote FTP servers to create or overwrite arbitrary files via ..\ dot dot backslash sequences in responses to 1 MLSD and 2 LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged f...
FireFTP MLSD及LIST命令目录遍历漏洞
BUGTRAQ ID: 29289 FireFTP是在Firefox中使用的FTP客户端扩展。 FireFTP在处理从FTP服务器所返回的MLSD和LIST命令响应时存在目录遍历漏洞,如果用户受骗从恶意的FTP服务器下载了包含有目录遍历序列文件名的文件的话,就会导致向用户系统的任意位置写入文件。 FireFTP 0.97.1 FireFTP ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
FireFTP filename directory traversal sequence vulnerability
Overview The FireFTP Mozilla Firefox extension contains a vulnerability that may allow an attacker to write files to arbitrary locations. Description FireFTP is a Firefox extension that provides FTP client functionality. Firefox extensions can run with Chrome privileges which allow them to...