46 matches found
Monsta FTP 2.11 Remote File Injection
This Metasploit module exploits a vulnerability in Monsta FTP version 2.11 and enables remote file injection by creating a malicious FTP server. The application builds this server to upload a malicious PHP file reverse shell. After the file is uploaded, the module immediately verifies the...
CVE-1999-0302
SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server...
EUVD-1999-0302
Malware in sbrugna...
EUVD-2018-0764
Malware in sbrugna...
USN-6037-1: Apache Commons Net vulnerability
ZeddYu Lu discovered that the FTP client from Apache Commons Net trusted the host from PASV responses by default. A remote attacker with a malicious FTP server could redirect the client to another server, which could possibly result in leaked information about services running on the private...
EulerOS 2.0 SP3 : python (EulerOS-SA-2022-1757)
According to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into...
AlmaLinux 8 : python3 (ALSA-2022:1986)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:1986 advisory. - A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP...
EulerOS 2.0 SP8 : python3 (EulerOS-SA-2022-1582)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into...
EulerOS 2.0 SP9 : ruby (EulerOS-SA-2021-2696)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a...
ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host
Ruby's Net::FTP module trusted the IP address included in the FTP server's response to the PASV command. A malicious FTP server could use this to make Ruby applications using the Net::FTP module connect to arbitrary hosts, and to perform port scanning or information extraction from...
SUSE: Security Advisory (SUSE-SU-2020:3733-1)
The remote host is missing an update for the...
Security update for curl (moderate)
openSUSE Security Update: Security update for curl. Announcement ID: openSUSE-SU-2020:2249-1. Rating: moderate. References: 1179398, 1179399, 1179593. Cross-References: CVE-2020-8284, CVE-2020-8285, CVE-2020-8286. Affected Products: openSUSE Leap 15.1. An update that fixes three vulnerabilities is now...
Security update for curl (moderate)
openSUSE Security Update: Security update for curl. Announcement ID: openSUSE-SU-2020:2238-1. Rating: moderate. References: 1179398, 1179399, 1179593. Cross-References: CVE-2020-8284, CVE-2020-8285, CVE-2020-8286. Affected Products: openSUSE Leap 15.2. An update that fixes three vulnerabilities is now...
SUSE SLES12 Security Update : curl (SUSE-SU-2020:3739-1)
This update for curl fixes the following issues: CVE-2020-8286: Fixed improper OCSP verification in the client side (bsc#1179593). CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different I...
SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2020:3733-1)
This update for curl fixes the following issues: CVE-2020-8286: Fixed improper OCSP verification in the client side (bsc#1179593). CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different I...
SUSE-SU-2020:3735-1 Security update for curl
This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OCSP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a...
SUSE-SU-2020:3733-1 Security update for curl
This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OCSP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a...
CVE-2017-10355
It was found that the FtpClient implementation in the Networking component of OpenJDK did not set connect and read timeouts by default. A malicious FTP server or a man-in-the-middle attacker could use this flaw to block execution of a Java application connecting to an FTP server...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2020-1601)
The remote host is missing an update for the Huawei EulerOS...
CVE-2020-1934
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server...