EUVD-2014-2870

Malware in sbrugna...

OESA-2023-1193 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However,...

CVE-2014-2845

Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority...

Design/Logic Flaw

Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority...

CVE-2014-2845

The CVE-2014-2845 entry applies to Cyberduck for Windows prior to 4.4.4, where the client does not properly validate X.509 certificate chains. This flaw allows MITM when using FTP-SSL because certificates issued by untrusted roots may be accepted. The NVD description and the SySS advisory confirm...

CVE-2014-2845

Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority...

Cyberduck protection bypass

Invali FTP-SSL root ceritificates check...

FreeFTPD 'SFTP'身份验证机制绕过漏洞

BUGTRAQ ID: 56782 FreeFTPd是一款基于WeOnlyDo FTP/SFTP实现的免费FTP+SSL/SFTP服务器。 FreeFTPD 1.0.11及其他版本的SFTP身份验证机制存在错误，可被利用绕过身份验证进程，以服务权限执行任意代码。 0 freeFTPd 1.x 临时解决方法： 如果您不能立刻安装补丁或者升级，建议您采取以下措施以降低威胁： 暂停使用freeFTPd。 厂商补丁： freeFTPd -------- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://freeftpd.com/...