1045 matches found
Privilege escalation
GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of setid family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary us...
CVE-2023-40303
GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of setid family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary us...
CVE-2023-40303
GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of setid family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary us...
PT-2023-27371 · Gnu +2 · Gnu Inetutils +2
Name of the Vulnerable Software and Affected Versions: GNU inetutils versions prior to 2.5 Description: The issue allows privilege escalation due to unchecked return values of setid family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is relevant if the setuid system call fails when ...
Advisory ROSA-SA-2023-2188
Software: pure-ftpd 1.0.51 OS: ROSA-CHROME packageevrstring: pure-ftpd-1.0.51-1.src.rpm CVE-ID: CVE-2020-9274 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: An uninitialized pointer vulnerability has been discovered in the linked list of diraliases. When the lookupaliasconst char alias or printaliasesvoi...
Debian: Security Advisory (DLA-269-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE CVE-2011-0418
The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service memory consumption via a crafted FTP STAT command...
SUSE CVE-2011-3171
Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors...
SUSE CVE-2019-20176
In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c...
SUSE CVE-2020-9274
An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the lookupaliasconst char alias or printaliasesvoid function is called, they fail to correctly detect the end of the linked list and try to access a non-existe...
SUSE CVE-2020-35359
Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough connections to exceed the connection limit...
SUSE CVE-2021-40524
In Pure-FTPd before 1.0.50, an incorrect maxfilesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. Versions 1.0.2...
Out-of-Bounds Read
An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds OOB read has been detected in the purestrcmp function in utils.c...
Mageia: Security Advisory (MGASA-2018-0108)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2015-0355)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2020-0128)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Backdoor.Win32.Wollf.16 Authentication Bypass
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/204613443e555f73237ea43a2faecaa5.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.16 Vulnerability: Authentication Bypass Description: The malware listens on TCP...
Backdoor.Win32.Phase.11 Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/fb4fb710f031304d788d9cd1c4201552.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Phase.11 Vulnerability: Unauthenticated Remote Command Execution Description: The phA...
GHSA-7VXR-6CXG-J3X8 OS Command Injection in ftpd
The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic...
OS Command Injection in ftpd
The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic...