47 matches found
EUVD-2002-1535
Malware in sbrugna...
EUVD-2019-19169
Malware in sbrugna...
CVE-2010-5294
Multiple cross-site scripting (XSS) vulnerabilities in the request_filesystem_credentials function in wp-admin/includes/file.php in WordPress before 3.0.2 allow remote servers to inject arbitrary web script or HTML by providing a crafted error message for a (1) FTP or (2) SSH connection attempt...
CVE-2019-9807
When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for social engineering attacks. This vulnerability affects Firefox < 66...
CVE-2019-9809
If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing for a denial of service (DOS) attack. This...
CentOS 8 : curl (CESA-2023:3106)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:3106 advisory. - An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during...
Ricoh Printer - Directory and File Exposure Exploit
Exploit Title: Ricoh Printer Directory and File Exposure Exploit Author: Thomas Heverin Heverin Hacker Vendor Homepage: https://www.ricoh.com/products/printers-and-copiers Software Link: https://replit.com/@HeverinHacker/Ricoh-Printer-Directory-and-File-Findermain.py Version: Ricoh Printers - All...
Oracle Linux 8 : curl (ELSA-2023-3106)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-3106 advisory. [7.61.1-30.el8_8.2] - sftp: do not specify O_APPEND when not in append mode (#2187717) [7.61.1-30.el8_8.1] - fix FTP too eager connection reuse (CVE-2023-27535) Tenable has...
Oracle Linux 9 : curl (ELSA-2023-2650)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-2650 advisory. - fix FTP too eager connection reuse (CVE-2023-27535) - fix HTTP multi-header compression denial of service (CVE-2023-23916) - smb/telnet: fix use-after-free when...
Internet Bug Bounty: CVE-2023-27535: FTP too eager connection reuse
A vulnerability was found in libcurl versions 7.13.0 to 7.88.1 that allowed the reuse of previously created FTP connections even when one or more options had been changed, leading to the second transfer being done with wrong credentials. This was due to several FTP settings being left out from th...
Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current curl Multiple Vulnerabilities (SSA:2023-079-01)
The version of curl installed on the remote host is prior to 8.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-079-01 advisory. - A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker t...
curl -- multiple vulnerabilities
Harry Sintonen reports: CVE-2023-27533 curl supports communicating using the TELNET protocol and as a part of this it offers users to pass on user name and "telnet options" for the server negotiation. Due to lack of proper input scrubbing and without it being the documented functionality, curl...
FE File Explorer 11.0.4 Local File Inclusion Exploit
Exploit Title: FE File Explorer 11.0.4 Local File inclusion Exploit Author: Chokri Hammedi Vendor Homepage: https://www.skyjos.com/ Software Link: https://apps.apple.com/us/app/fe-file-explorer-file-manager/id510282524 Version: 11.0.4 Tested on: iPhone ios 15.6 from ftplib import FTP import...
GHSA-RCRV-6R7R-RR7M Missing permission check in Jenkins FTP publisher Plugin
A missing permission check in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
User Enumeration
firefox:xenial is vulnerable to User Enumeration. When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for social engineering attacks...
Spybrowse - Code Developed To Steal Certain Browser Config Files (History, Preferences, Etc)
Be sure to change the ftp variables throughout the code, these variables contain the username, password, & IP address of the FTP server which receives the files. This code will do the following: 1. Copy itself into the %TMP% directory & name itself ursakta.exe 2. Add a registry entry to execute...
SOS JobScheduler 1.13.3 CVE-2020-12712 Stored Password Decryption
SOS JobScheduler version 1.13.3 encrypts a secret by simply using the name of a profile as the key, making it trivial to decrypt. Exploit Title: SOS JobScheduler 1.13.3 - Stored Password Decryption Google Dork: N/A Date: 2020-04-20 Exploit Author: Sander Ubink Vendor Homepage: www.sos-berlin.com...