71 matches found
MiracleLinux 8 : curl-7.61.1-30.el8.2.ML.1 (AXSA:2023-6186:10)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6186:10 advisory. curl: FTP too eager connection reuse CVE-2023-27535 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
MiracleLinux 9 : curl-7.76.1-23.el9.1 (AXSA:2023-6065:09)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6065:09 advisory. curl: FTP too eager connection reuse CVE-2023-27535 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
EUVD-2002-1535
Malware in sbrugna...
EUVD-2018-1895
Malware in sbrugna...
EUVD-2019-19169
Malware in sbrugna...
EUVD-2023-31290
Malicious code in bioql PyPI...
CVE-2010-5294
Multiple cross-site scripting (XSS) vulnerabilities in the request_filesystem_credentials function in wp-admin/includes/file.php in WordPress before 3.0.2 allow remote servers to inject arbitrary web script or HTML by providing a crafted error message for a (1) FTP or (2) SSH connection attempt...
CVE-2019-9807
When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for social engineering attacks. This vulnerability affects Firefox 66...
CVE-2019-6645
On BIG-IP 14.0.0-14.1.0.5, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, FTP traffic passing through a Virtual Server with both an active FTP profile associated and connection mirroring configured may lead to a TMM crash causing the configured HA action to be taken...
CVE-2019-9809
If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing for a denial of service (DOS) attack. This...
Alibaba Cloud Linux 3 : 0056: curl (ALINUX3-SA-2023:0056)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0056 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-27535: An authentication bypass...
CentOS 8 : curl (CESA-2023:3106)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:3106 advisory. - An authentication bypass vulnerability exists in libcurl 8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during...
Ricoh Printer - Directory and File Exposure Exploit
Exploit Title: Ricoh Printer Directory and File Exposure | Exploit Author: Thomas Heverin Heverin Hacker | Vendor Homepage: https://www.ricoh.com/products/printers-and-copiers | Software Link: https://replit.com/@HeverinHacker/Ricoh-Printer-Directory-and-File-Findermain.py | Version: Ricoh Printers - All...
Security Bulletin: IBM Storage Ceph is vulnerable to Improper Authentication in the RHEL UBI (CVE-2023-27535)
Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2023-27535 This bulletin identifies the steps to take to address the vulnerability in RHEL. Vulnerability Details CVEID:CVE-2023-27535 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security...
EulerOS Virtualization 2.11.1 : curl (EulerOS-SA-2023-2719)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass...
NewStart CGSL MAIN 6.06 : curl Multiple Vulnerabilities (NS-SA-2023-0137)
The remote NewStart CGSL host, running version MAIN 6.06, has curl packages installed that are affected by multiple vulnerabilities: - When curl is used to retrieve and parse cookies from a HTTP(S) server, it accepts cookies using control codes that when later are sent back to a HTTP server might mak...
MGASA-2023-0263 Updated curl packages fix security vulnerability
TELNET option IAC injection (CVE-2023-27533). SFTP path resolving discrepancy (CVE-2023-27534). FTP too eager connection reuse (CVE-2023-27535). GSS delegation too eager connection re-use (CVE-2023-27536). HSTS double free (CVE-2023-27537). SSH connection too eager reuse still (CVE-2023-27538). UAF in SSH...
EulerOS Virtualization 2.10.1 : curl (EulerOS-SA-2023-2459)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass...
Security Bulletin: IBM MQ is affected by vulnerabilities in libcURL (CVE-2023-23916, CVE-2023-27535)
Summary Multiple issues were identified within the libcurl library that affect IBM MQ. IBM MQ uses libcurl to provide HTTPURL functionality which is only used to download remote CCDT files and is not used to send or receive messages. Vulnerability Details CVEID:CVE-2023-23916 DESCRIPTION: cURL...
Oracle Linux 8 : curl (ELSA-2023-3106)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-3106 advisory. 7.61.1-30.el88.2 - sftp: do not specify O_APPEND when not in append mode 2187717 7.61.1-30.el88.1 - fix FTP too eager connection reuse CVE-2023-27535 Tenable has...