156 matches found
CVE-2017-17405
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTPget, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernelopen to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default...
ALPINE-CVE-2017-17405
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTPget, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernelopen to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default...
CVE-2017-17405
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTPget, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernelopen to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default...
CVE-2017-17405
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTPget, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernelopen to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default...
Mandriva Linux Security Advisory : erlang (MDVSA-2015:174)
Updated erlang packages fixes security vulnerability : An FTP command injection flaw was found in Erlang's FTP module. Several functions in the FTP module do not properly sanitize the input before passing it into a control socket. A local attacker can use this flaw to execute arbitrary FTP comman...
MGASA-2014-0553 Updated erlang packages fix security vulnerabilities
Updated erlang packages fixes security vulnerability: An FTP command injection flaw was found in Erlang's FTP module. Several functions in the FTP module do not properly sanitize the input before passing it into a control socket. A local attacker can use this flaw to execute arbitrary FTP command...
Updated erlang packages fix security vulnerabilities
Updated erlang packages fixes security vulnerability: An FTP command injection flaw was found in Erlang's FTP module. Several functions in the FTP module do not properly sanitize the input before passing it into a control socket. A local attacker can use this flaw to execute arbitrary FTP command...
ProFTPD 1.2 SIZE Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2185/info A memory leak has been reported in all versions of ProFTPd. The SIZE FTP command causes the server to misallocate and leak small amounts of memory each time the command is executed. If a sufficient number of the...
GlobalScape CuteFTP 5.0 LIST Response Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6642/info A buffer overflow condition has been reported for the CuteFTP application. The vulnerability is due to insufficient bounds checking performed on certain FTP command responses. If CuteFTP is used to connect to a...
Mollensoft Software Enceladus Server Suite 3.9 FTP Command Buffer Overflow
No description provided by source. source: http://www.securityfocus.com/bid/6345/info Enceladus Server Suite is prone to a remotely exploitable buffer overflow vulnerability. It is possible to trigger this condition by supplying an overly long value for several FTP commands. To exploit this issue...
Ipswitch WS_FTP Server 3.4/4.0 FTP Command Buffer Overrun Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/8542/info Ipswitch WSFTP Server is reported to be prone to buffer overruns when handling data supplied to the APPE and STAT FTP commands. An FTP user who supplies excessive input to these commands could potentially execut...
Mini FTP Server 1.1 Buffer Corruption Remote Denial of Service
No description provided by source. !/usr/bin/python Mini FTP Server 1.1 Buffer Corruption Remote Denial Of Service Exploit Vendor: webmaster442 Product web page: http://miniftpserver.codeplex.com Affected version: 1.1.1.0 Summary: Minimal FTP server for windows. Uses only managed code. Works with...
CVE-2013-0476
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to inject arbitrary FTP commands via unspecified vectors...
Command injection
Microsoft FTP Service 7.0 and 7.5 for Internet Information Services IIS processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka "FTP Command Injection Vulnerability."...
CVE-2012-2532
CVE-2012-2532 affects Microsoft Internet Information Services (IIS) FTP service in IIS 7.0 and 7.5. The vulnerability arises from the FTP service processing unspecified commands before TLS negotiation, enabling remote attackers to disclose sensitive information from responses to those commands (F...
CVE-2012-2532
Microsoft FTP Service 7.0 and 7.5 for Internet Information Services IIS processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka "FTP Command Injection Vulnerability."...
Stack overflow
Stack-based buffer overflow in SR10 FTP server SR10.exe 1.1.0.6 in Ricoh DC Software DL-10 4.5.0.1, when the Log file name option is enabled, allows remote attackers to execute arbitrary code via a long USER FTP command...
Scientific Linux Security Update : httpd on SL3.x, SL4.x, SL5.x i386/x86_64
CVE-2009-1891 httpd: possible temporary DoS CPU consumption in moddeflate CVE-2009-3094 httpd: NULL pointer defer in modproxyftp caused by crafted EPSV and PASV reply CVE-2009-3095 httpd: modproxyftp FTP command injection via Authorization HTTP header CVE-2009-3555 TLS: MITM attacks via session...
Gentoo Security Advisory GLSA 201110-25 (Pure-FTPd)
The remote host is missing updates announced in advisory GLSA 201110-25. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Successful Shell Attack Detected - 'ftp' Command
Binary data 6193.prm...