14 matches found
EUVD-2009-3460
Malware in sbrugna...
EUVD-2008-2394
Malware in sbrugna...
CVE-2009-3478
Argument injection vulnerability in 1 src/content/js/connection/sftp.js and 2 src/content/js/connection/controlSocket.js.in in FireFTP Extension 1.0.5 for Firefox allows remote authenticated SFTP users to cause victims to alter permissions, delete, download, or move the wrong file via a filename...
FireFTP Extension for Firefox SFTP Filename Handling Vulnerability
该漏洞是由于不正确的FireFTP之前将它们传递给psftp.exe某些文件名。这可以被利用来如欺骗用户下载到fire安装目录中的文件或执行通过SFTP服务器上的文件,不需要特别命名SFTP发布业务用户。 成功攻击要求攻击者可以诱骗受害者移动,删除,模式发生变化,或下载一个SFTP服务器特别命名的文件。 据该漏洞在版本1.0.5。其它版本也可能受到影响。 FireFTP 1.x extension for Firefox Update to version 1.0.6. http://fireftp.mozdev.org/...
Code injection
Argument injection vulnerability in 1 src/content/js/connection/sftp.js and 2 src/content/js/connection/controlSocket.js.in in FireFTP Extension 1.0.5 for Firefox allows remote authenticated SFTP users to cause victims to alter permissions, delete, download, or move the wrong file via a filename...
CVE-2009-3478
Argument injection vulnerability in 1 src/content/js/connection/sftp.js and 2 src/content/js/connection/controlSocket.js.in in FireFTP Extension 1.0.5 for Firefox allows remote authenticated SFTP users to cause victims to alter permissions, delete, download, or move the wrong file via a filename...
CVE-2009-3478
Argument injection vulnerability in 1 src/content/js/connection/sftp.js and 2 src/content/js/connection/controlSocket.js.in in FireFTP Extension 1.0.5 for Firefox allows remote authenticated SFTP users to cause victims to alter permissions, delete, download, or move the wrong file via a filename...
CVE-2009-3478
FireFTP Extension 1.0 for Firefox is affected by CVE-2009-3478. An argument injection flaw arises from improper filtering/encoding of a double quote in filenames when FireFTP builds the command to psftp.exe, allowing remote authenticated SFTP users to cause victims to alter permissions, delete, d...
Directory traversal
Directory traversal vulnerability in the FireFTP add-on before 0.98.20080518 for Firefox allows remote FTP servers to create or overwrite arbitrary files via ..\ dot dot backslash sequences in responses to 1 MLSD and 2 LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged f...
CVE-2008-2399
Directory traversal vulnerability in the FireFTP add-on before 0.98.20080518 for Firefox allows remote FTP servers to create or overwrite arbitrary files via ..\ dot dot backslash sequences in responses to 1 MLSD and 2 LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged f...
CVE-2008-2399
Directory traversal vulnerability in the FireFTP add-on before 0.98.20080518 for Firefox allows remote FTP servers to create or overwrite arbitrary files via ..\ dot dot backslash sequences in responses to 1 MLSD and 2 LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged f...
CVE-2008-2399
Technical details on CVE-2008-2399 are not publicly available in the provided connected documents. Monitor for updates.
FireFTP MLSD及LIST命令目录遍历漏洞
BUGTRAQ ID: 29289 FireFTP是在Firefox中使用的FTP客户端扩展。 FireFTP在处理从FTP服务器所返回的MLSD和LIST命令响应时存在目录遍历漏洞,如果用户受骗从恶意的FTP服务器下载了包含有目录遍历序列文件名的文件的话,就会导致向用户系统的任意位置写入文件。 FireFTP 0.97.1 FireFTP ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
FireFTP filename directory traversal sequence vulnerability
Overview The FireFTP Mozilla Firefox extension contains a vulnerability that may allow an attacker to write files to arbitrary locations. Description FireFTP is a Firefox extension that provides FTP client functionality. Firefox extensions can run with Chrome privileges which allow them to...