Lucene search
K

1045 matches found

prion
prion
added 2023/08/14 5:15 a.m.33 views

Privilege escalation

GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of setid family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary us...

4.3CVSS7.6AI score0.0039EPSS
Exploits1References5Affected Software1
ubuntucve
ubuntucve
added 2023/08/14 12:0 a.m.66 views

CVE-2023-40303

GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of setid family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary us...

7.8CVSS7.1AI score0.0039EPSS
Exploits1References5
debiancve
debiancve
added 2023/08/14 12:0 a.m.27 views

CVE-2023-40303

GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of setid family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary us...

7.8CVSS7.7AI score0.0039EPSS
Exploits1
ptsecurity
ptsecurity
added 2023/08/13 12:0 a.m.5 views

PT-2023-27371 · Gnu +2 · Gnu Inetutils +2

Name of the Vulnerable Software and Affected Versions: GNU inetutils versions prior to 2.5 Description: The issue allows privilege escalation due to unchecked return values of setid family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is relevant if the setuid system call fails when ...

7.8CVSS7.5AI score0.01657EPSS
Exploits4References35
rosalinux
rosalinux
added 2023/07/11 12:13 p.m.40 views

Advisory ROSA-SA-2023-2188

Software: pure-ftpd 1.0.51 OS: ROSA-CHROME packageevrstring: pure-ftpd-1.0.51-1.src.rpm CVE-ID: CVE-2020-9274 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: An uninitialized pointer vulnerability has been discovered in the linked list of diraliases. When the lookupaliasconst char alias or printaliasesvoi...

7.5CVSS6.9AI score0.05813EPSS
Exploits1
openvas
openvas
added 2023/03/08 12:0 a.m.8 views

Debian: Security Advisory (DLA-269-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
susecve
susecve
added 2023/02/15 5:54 a.m.5 views

SUSE CVE-2011-0418

The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service memory consumption via a crafted FTP STAT command...

4CVSS6.6AI score0.07255EPSS
Exploits5References4
susecve
susecve
added 2023/02/15 5:51 a.m.6 views

SUSE CVE-2011-3171

Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors...

3.6CVSS6.9AI score0.00585EPSS
Exploits0References5
susecve
susecve
added 2023/02/15 4:5 a.m.3 views

SUSE CVE-2019-20176

In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c...

7.6CVSS7AI score0.04365EPSS
Exploits0References3
susecve
susecve
added 2023/02/15 4:0 a.m.4 views

SUSE CVE-2020-9274

An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the lookupaliasconst char alias or printaliasesvoid function is called, they fail to correctly detect the end of the linked list and try to access a non-existe...

4.3CVSS7AI score0.05813EPSS
Exploits0References3
susecve
susecve
added 2023/02/15 3:51 a.m.4 views

SUSE CVE-2020-35359

Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough connections to exceed the connection limit...

7.5CVSS7AI score0.04744EPSS
Exploits1References3
susecve
susecve
added 2023/02/15 3:37 a.m.3 views

SUSE CVE-2021-40524

In Pure-FTPd before 1.0.50, an incorrect maxfilesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. Versions 1.0.2...

7.5CVSS7AI score0.04285EPSS
Exploits1References4
veracode
veracode
added 2022/05/01 4:29 a.m.25 views

Out-of-Bounds Read

An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds OOB read has been detected in the purestrcmp function in utils.c...

7.5CVSS2.6AI score0.07112EPSS
Exploits0References10Affected Software1
openvas
openvas
added 2022/01/28 12:0 a.m.17 views

Mageia: Security Advisory (MGASA-2018-0108)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.4AI score0.01077EPSS
Exploits0References4
openvas
openvas
added 2022/01/28 12:0 a.m.8 views

Mageia: Security Advisory (MGASA-2015-0355)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References4
openvas
openvas
added 2022/01/28 12:0 a.m.18 views

Mageia: Security Advisory (MGASA-2020-0128)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.2AI score0.04365EPSS
Exploits0References3
packetstorm
packetstorm
added 2022/01/21 12:0 a.m.321 views

Backdoor.Win32.Wollf.16 Authentication Bypass

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/204613443e555f73237ea43a2faecaa5.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.16 Vulnerability: Authentication Bypass Description: The malware listens on TCP...

0.1AI score
Exploits0
packetstorm
packetstorm
added 2021/12/13 12:0 a.m.161 views

Backdoor.Win32.Phase.11 Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/fb4fb710f031304d788d9cd1c4201552.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Phase.11 Vulnerability: Unauthenticated Remote Command Execution Description: The phA...

7.4AI score
Exploits0
osv
osv
added 2021/10/12 10:33 p.m.13 views

GHSA-7VXR-6CXG-J3X8 OS Command Injection in ftpd

The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic...

9.8CVSS10AI score0.03544EPSS
Exploits1References5
github
github
added 2021/10/12 10:33 p.m.28 views

OS Command Injection in ftpd

The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic...

10CVSS8.1AI score0.03544EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder