71 matches found
Design/Logic Flaw
The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses...
PwnPi - A Pen Test Drop Box distro for the Raspberry Pi
PwnPi is a Linux-based penetration testing dropbox distribution for the Raspberry Pi. It currently has 200+ network security tools pre-installed to aid the penetration tester. It is built a stripped down version of the Debian Wheezy image from the Raspberry Pi foundation's website and uses Openbo...
Apache 2.0.x < 2.0.47 Multiple Vulnerabilities (DoS, Encryption)
The remote host appears to be running a version of Apache 2.x prior to 2.0.47. It is, therefore, affected by multiple vulnerabilities : - An issue in may occur when the SSLCipherSuite directive is used to upgrade a cipher suite which could lead to a weaker cipher suite being used instead of the...
CVE-2010-0962
The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT...
Command injection
The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT...
CVE-2010-0962
The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT...
Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass
The FTP proxy used in Apple's Airport Express, Airport Extreme, Time Capsule and possibly elsewhere doesn't check the client provided address and port given by the FTP PORT command against the IP address of the connecting client, or against the use of privileged ports. The FTP PORT command is use...
Apple Airport unauthorized network access
FTP proxy functionality doesn't check PORT command arguments allowing to map external port to any internal port of any internal address...
httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply
The approxyftphandler function in modules/proxy/proxyftp.c in the modproxyftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service NULL pointer dereference and child process crash via a malformed reply to an EPSV command...
RedHat Security Advisory RHSA-2009:1580
The remote host is missing updates announced in advisory RHSA-2009:1580. The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL Transport Layer Security/Secure Sockets Layer protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw t...
httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply
The approxyftphandler function in modules/proxy/proxyftp.c in the modproxyftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service NULL pointer dereference and child process crash via a malformed reply to an EPSV command...
Apache mod_proxy_ftp模块Null指针拒绝服务漏洞
Bugraq ID: 36260 Apache modproxyftp是一款用于处理FTP代理请求的Apache模块。 当处理FTP服务器的应答时modproxyftp存在错误,可导致Null指针应用而造成一个用程序崩溃。 使用./configure –enable-proxy –enable-proxy-ftp启用代理支持,并在httpd.conf文件中设置‘ProxyRequests’选项,如下代码的漏洞可导致应用程序崩溃: modules/proxy/proxyftp.c: int approxyftphandlerrequestrec r, proxyserverconf con...
FireFTP filename directory traversal sequence vulnerability
Overview The FireFTP Mozilla Firefox extension contains a vulnerability that may allow an attacker to write files to arbitrary locations. Description FireFTP is a Firefox extension that provides FTP client functionality. Firefox extensions can run with Chrome privileges which allow them to...
openSUSE 10 Security Update : apache2 (apache2-5125)
This update fixes multiple bugs in apache : - cross site scripting problem in modimap CVE-2007-5000 - cross site scripting problem in modstatus CVE-2007-6388 - cross site scripting problem in the ftp proxy module CVE-2008-0005 - cross site scripting problem in the error page for status code 413...
openSUSE 10 Security Update : apache2 (apache2-5126)
This update fixes multiple bugs in apache : - cross site scripting problem in modimap CVE-2007-5000 - cross site scripting problem in modstatus CVE-2007-6388 - cross site scripting problem in the ftp proxy module CVE-2008-0005 - cross site scripting problem in the error page for status code 413...
SuSE 10 Security Update : Apache 2 (ZYPP Patch Number 5128)
This update fixes multiple bugs in apache : - cross-site scripting problem in modimap. CVE-2007-5000 - cross-site scripting problem in modstatus. CVE-2007-6388 - cross-site scripting problem in the ftp proxy module. CVE-2008-0005 - cross-site scripting problem in the error page for status code 41...
Debian Security Advisory DSA 510-1 (jftpgw)
The remote host is missing an update to jftpgw announced via advisory DSA 510-1. OpenVAS Vulnerability Test $Id: deb5101.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 510-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
Debian: Security Advisory (DSA-510)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Double free
Double free vulnerability in the ftpprchild function in ftppr in 3proxy 0.5 through 0.5.3i allows remote attackers to cause a denial of service daemon crash via multiple OPEN commands to the FTP proxy...
CVE-2007-5622
Double free vulnerability in the ftpprchild function in ftppr in 3proxy 0.5 through 0.5.3i allows remote attackers to cause a denial of service daemon crash via multiple OPEN commands to the FTP proxy...