77 matches found
EFTP 2.0.7 .337 Buffer Overflow Code Execution and Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3330/info Encrypted FTP EFTP is both an FTP client and server application for Windows platforms. A malicious user with upload permissions to the target host can cause a buffer overflow in EFTP to execute code of the...
MacOSX 10.9.2/XNU HFS Hard Linking
MacOSX/XNU HFS Multiple Vulnerabilities Maksymilian Arciemowicz http://cxsecurity.com/ http://cifrex.org/ =================== On November 8th, I've reported vulnerability in hard links for HFS+ CVE-2013-6799 http://cxsecurity.com/issue/WLB-2013110059 The HFS+ file system does not apply strict...
Command injection
The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as...
Scientific Linux Security Update : vsftpd on SL5.x i386/x86_64
A memory leak was discovered in the vsftpd daemon. An attacker who is able to connect to an FTP service, either as an authenticated or anonymous user, could cause vsftpd to allocate all available memory if the 'deny_file' option was enabled in vsftpd.conf. CVE-2007-5962 As well, this updated packa...
smb-ls NSE Script
Attempts to retrieve useful information about files shared on SMB volumes. The output is intended to resemble the output of the UNIX ls command. Script Arguments smb-ls.path the path, relative to the share to list the contents from default: root of the share smb-ls.pattern the search pattern to...
Successful Shell Attack Detected - Linux Failed 'ls' Command
Binary data 6141.prm...
bash terminal characters injection
It's possible to inject ESC-sequences into ls command output...
GNU Bash 4.0 - ls Control Character Command Injection
GNU Bash 4.0 - ls Control Character Command Injection source: https://www.securityfocus.com/bid/37776/info GNU Bash is prone to a command-injection vulnerability because it fails to adequately sanitize control characters in the 'ls' command. Attackers can exploit this issue to execute arbitrary...
RedHat Update for vsftpd RHSA-2008:0295-01
Check for the Version of vsftpd OpenVAS Vulnerability Test RedHat Update for vsftpd RHSA-2008:0295-01 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
RHEL 5 : vsftpd (RHSA-2008:0295)
An updated vsftpd package that fixes a security issue and several bugs is now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. The vsftpd package includes a Very Secure File Transfer Protocol (FTP) daemon. A...
CVE-2002-2387
Directory traversal vulnerability in Hyperion FTP server 2.8.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the LS command...
CVE-2002-2387
Hyperion FTP server 2.8.1 is affected by a directory traversal vulnerability that allows remote attackers to read arbitrary files via a .. (dot dot) in the LS command. The issue is documented across multiple sources (NVD entry, Red Hat CVE page, CVE listing). The connected documents do not provid...
Linux ftpd ls privilege escalation
ls command is executed with effective gid 0...
Mambo Component ExtCalendar 2.0 - Remote File Inclusion
Mambo Component ExtCalendar 2.0 - Remote File Inclusion Title : ExtCalendar Mambo Module = v2 Remote File Include Vulnerabilities Discovered By OLiBekaS...
CVE-2005-2142
CVE-2005-2142 is a vulnerability in Golden FTP Server 2.60 where an authenticated remote attacker can use a backslash-dot-dot in the LIST command to disclose directory contents. The available sources consistently describe a directory traversal that allows listing arbitrary directories, exposing f...
CVE-2001-0452
BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to obtain the real pathname of the server via a "CD " command followed by an ls command...