MiracleLinux 7 : lftp-4.4.8-12.el7 (AXSA:2020-4561:02)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-4561:02 advisory. lftp: particular remote file names may lead to current working directory erased CVE-2018-10916 Tenable has extracted the preceding description block directly...

MiracleLinux 3 : lftp-3.7.11-4AXS3 (AXSA:2009-390:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2009-390:01 advisory. LFTP is a sophisticated ftp/http file transfer program. Like bash, it has job control and uses the readline library for input. It has bookmarks, built-in...

MiracleLinux 3 : lftp-3.7.11-4.AXS3.3 (AXSA:2010-400:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2010-400:01 advisory. LFTP is a sophisticated ftp/http file transfer program. Like bash, it has job control and uses the readline library for input. It has bookmarks, built-in...

EUVD-2018-2971

Malware in sbrugna...

EUVD-2010-2263

Malware in sbrugna...

EUVD-2007-2343

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2018-10916

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local...

Linux Distros Unpatched Vulnerability : CVE-2007-2348

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands vi...

RHSA-2020:1045 Red Hat Security Advisory: lftp security update

Bulletin has no description...

RHSA-2010:0585 Red Hat Security Advisory: lftp security update

Bulletin has no description...

RHSA-2009:1278 Red Hat Security Advisory: lftp security and bug fix update

Bulletin has no description...

RHSA-2003:404 Red Hat Security Advisory: lftp security update

Bulletin has no description...

OPENSUSE-SU-2024:10380-1 lftp-4.7.4-1.1 on GA media

These are all security issues fixed in the lftp-4.7.4-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:10915-1 lftp-4.9.2-1.7 on GA media

These are all security issues fixed in the lftp-4.9.2-1.7 package on the GA media of openSUSE Tumbleweed...

RHEL 6 : lftp (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - lftp: particular remote file names may lead to current working directory erased CVE-2018-10916 Note that Nessus has...

RHEL 4 : lftp (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - lftp mirror --script does not escape names and targets of symbolic links CVE-2007-2348 Note that Nessus has not...

RHEL 6 : lftp (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - lftp: particular remote file names may lead to current working directory erased CVE-2018-10916 Note that Nessus has...

Oracle Linux 7 : lftp (ELSA-2020-1045)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-1045 advisory. 4.4.8-12 - Resolves: 1611641 - CVE-2018-10916 lftp: particular remote file names may lead to current working directory erased Tenable has extracted the precedin...

Oracle Linux 5 : lftp (ELSA-2009-1278)

The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2009-1278 advisory. - Resolves: 239334 solves CVE-2007-2348 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus...

SUSE CVE-2018-10916

It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server,...