
22 matches found

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2008-5103

Malware in sbrugna...

CVSS 7.5 · AI score 6.4 · EPSS 0.01306
Exploits 0 · References 10
NVD
added 2023/09/07 6:15 p.m. · 15 views

CVE-2023-4528

Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 Windows, Linux, and MacOS permits an attacker to run arbitrary Java code including OS commands via its management interface...

CVSS 7.2 · AI score 7.1 · EPSS 0.28226
Exploits 0 · References 2
OSV
added 2023/09/07 6:15 p.m. · 2 views

CVE-2023-4528

Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 Windows, Linux, and MacOS permits an attacker to run arbitrary Java code including OS commands via its management interface...

CVSS 7.2 · AI score 5.9 · EPSS 0.28226
Exploits 0 · References 2
Prion
added 2023/09/07 6:15 p.m. · 19 views

Deserialization of untrusted data

Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 Windows, Linux, and MacOS permits an attacker to run arbitrary Java code including OS commands via its management interface...

CVSS 5.8 · AI score 7.5 · EPSS 0.28226
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/09/07 5:39 p.m. · 19 views

CVE-2023-4528 JSCAPE MFT Server Unsafe Deserialization on Management Port

Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 Windows, Linux, and MacOS permits an attacker to run arbitrary Java code including OS commands via its management interface...

AI score 7.5 · EPSS 0.28226
Exploits 0 · References 2
CVE
added 2023/09/07 5:39 p.m. · 69 views

CVE-2023-4528

CVE-2023-4528 affects JSCAPE MFT Server versions prior to 2023.1.9. An unsafe Java deserialization on the management port (default TCP 10880) allows an attacker to send an XML-encoded Java object and execute arbitrary code with root on Linux or SYSTEM on Windows. The vulnerability is exploitable ...

CVSS 7.2 · AI score 7.2 · EPSS 0.28226
Exploits 0 · References 2 · Affected Software 1
Rapid7 Blog
added 2023/09/07 3:5 p.m. · 5 views

CVE-2023-4528: Java Deserialization Vulnerability in JSCAPE MFT (Fixed)

In August 2023, Rapid7 discovered a Java deserialization vulnerability in Redwood Software’s JSCAPE MFT secure managed file transfer product. The vulnerability was later assigned CVE-2023-4528. It can be exploited by sending an XML-encoded Java object to the Manager Service port, which, by defaul...

CVSS 7.2 · AI score 7.3 · EPSS 0.28226
Exploits 0
Rapid7 Blog
added 2023/09/07 3:5 p.m. · 32 views

CVE-2023-4528: Java Deserialization Vulnerability in JSCAPE MFT (Fixed)

In August 2023, Rapid7 discovered a Java deserialization vulnerability in Redwood Software’s JSCAPE MFT secure managed file transfer product. The vulnerability was later assigned CVE-2023-4528. It can be exploited by sending an XML-encoded Java object to the Manager Service port, which, by defaul...

CVSS 5.8 · AI score 6.7 · EPSS 0.28226
Exploits 0
Positive Technologies
added 2023/09/07 12:0 a.m. · 2 views

PT-2023-4877 · Jscape · Jscape Mft Server

Name of the Vulnerable Software and Affected Versions: JSCAPE MFT Server versions prior to 2023.1.9 Description: The issue is related to unsafe deserialization in the JSCAPE MFT Server, which allows an attacker to execute arbitrary Java code, including OS commands, via its management interface...

CVSS 10 · AI score 7.4 · EPSS 0.28226
Exploits 0 · References 15
CNNVD
added 2023/09/07 12:0 a.m. · 1 views

JSCAPE MFT Server Code Issue Vulnerability

JSCAPE MFT Server is a flexible and scalable hosted file transfer solution from JSCAPE USA. A security vulnerability exists in JSCAPE MFT Server versions prior to 2023.1.9 that stems from the presence of insecure deserialization, which allows an attacker to run arbitrary Java code through its...

CVSS 7.2 · AI score 7 · EPSS 0.28226
Exploits 0 · References 3
Rockylinux
added 2023/05/18 7:18 p.m. · 66 views

curl security and bug fix update

An update is available for curl. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The curl packages provide the libcurl library and the curl utility for downloadi...

CVSS 5.9 · AI score 7 · EPSS 0.00036
Exploits 1
OSV
added 2023/05/18 7:18 p.m. · 30 views

RLSA-2023:3106 Moderate: curl security and bug fix update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: FTP too eager connection reuse CVE-2023-27535 For more details about the security issues, including the impact, a CVS...

CVSS 5.9 · AI score 7.7 · EPSS 0.00036
Exploits 1 · References 3
RedHat Linux
added 2023/05/16 10:16 a.m. · 67 views

Moderate: Red Hat Security Advisory: curl security and bug fix update

An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 5.9 · AI score 6.7 · EPSS 0.00036
Exploits 1 · References 3
AlmaLinux
added 2023/05/16 12:0 a.m. · 36 views

Moderate: curl security and bug fix update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: FTP too eager connection reuse CVE-2023-27535 For more details about the security issues, including the impact, a CVS...

CVSS 5.9 · AI score 7.1 · EPSS 0.00036
Exploits 1 · References 4
OSV
added 2023/05/16 12:0 a.m. · 32 views

ALSA-2023:3106 Moderate: curl security and bug fix update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: FTP too eager connection reuse CVE-2023-27535 For more details about the security issues, including the impact, a CVS...

CVSS 5.9 · AI score 7.7 · EPSS 0.00036
Exploits 1 · References 4
Prion
added 2008/11/18 12:30 a.m. · 11 views

Code injection

JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to verify a new or mismatched SSH host key, which makes it easier for remote attackers to perform man-in-the-middle attacks...

CVSS 7.5 · AI score 7.1 · EPSS 0.01306
Exploits 0 · References 9 · Affected Software 1
NVD
added 2008/11/18 12:30 a.m. · 6 views

CVE-2008-5124

JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to verify a new or mismatched SSH host key, which makes it easier for remote attackers to perform man-in-the-middle attacks...

CVSS 7.5 · AI score 6.5 · EPSS 0.01306
Exploits 0 · References 9
Cvelist
added 2008/11/18 12:0 a.m. · 15 views

CVE-2008-5124

JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to verify a new or mismatched SSH host key, which makes it easier for remote attackers to perform man-in-the-middle attacks...

AI score 6.5 · EPSS 0.01306
Exploits 0 · References 9
CVE
added 2008/11/18 12:0 a.m. · 35 views

CVE-2008-5124

CVE-2008-5124 affects JSCAPE Secure FTP Applet 4.8.0 and earlier. The root cause is that the applet does not prompt the user to verify a new or mismatched SSH host key, enabling potential man-in-the-middle attacks. The description does not provide explicit exploit details or in-the-wild status. N...

CVSS 7.5 · AI score 6.6 · EPSS 0.01306
Exploits 0 · References 9 · Affected Software 1
seebug.org
added 2008/06/25 12:0 a.m. · 17 views

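JSCAPE Secure FTP Applet Host Key Verification Security Restriction Bypass Vulnerability

BUGTRAQ ID: 29882 Secure FTP Applet is an FTP client component that runs in a web browser. Secure FTP Applet has a vulnerability in its handling of data connections: during the connection the applet does not correctly verify or display the host key, which allows an attacker to hijack the session through a man-in-the-middle attack and thereby fully compromise the FTP client. JSCAPE Secure FTP Applet 4.8 JSCAPE ------ The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.jscape.com/sftpapplet/index.html...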

AI score 6.9
Exploits 0