EUVD-1999-1543

Malware in sbrugna...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted 1 USER or 2 PASS command, which is written by the FTP logging module to a...

Directory traversal in Daniel Arenz' Mini Server

Hi! There is a directory traversal flaw in Daniel Arenz' Mini Server 2.1.6 tested on Windows XP Professional. It could be that prior versions are also affected. It's possible to show every by the web server readable file on the target system by using one of the following URLs:...

CVE-1999-1562

The CVE-1999-1562 entry concerns gFTP, affected versions 1.13 and all before 2.0.0, which may log a user password in plaintext either in the GUI log window or in a log file. This is a plaintext credential exposure vulnerability in the logging path. Debian’s advisory (DSA-084-1) notes a fix in ver...

CVE-1999-1562

gFTP FTP client 1.13, and other versions before 2.0.0, records a password in plaintext in 1 the log window, or 2 in a log file...