12 matches found
CVE-2024-44685
Titan SFTP and Titan MFT Server 2.0.25.2426 and earlier have a vulnerability where sensitive information, including passwords, is exposed in clear text within the JSON response when configuring SMTP settings via the Web UI...
CVE-2024-44685
The vulnerability CVE-2024-44685 affects Titan SFTP and Titan MFT Server versions 2.0.25.2426 and earlier. The root cause is that passwords and other sensitive data are exposed in clear text within the JSON response when configuring SMTP settings via the Web UI. This impacts confidentiality (high...
SolarWinds Serv-U Unauthenticated Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SolarWinds Serv-U Unauthenticated Arbitrary File Read', 'Description' = %q This module exploits an unauthenticated file read vulnerability, due t...
CVE-2023-4528
Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface...
Deserialization of untrusted data
Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface...
CVE-2023-4528 JSCAPE MFT Server Unsafe Deserialization on Management Port
Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface...
CVE-2023-4528
CVE-2023-4528 affects JSCAPE MFT Server versions prior to 2023.1.9. Unsafe Java deserialization on the management port (default TCP 10880) allows an attacker to send an XML-encoded Java object and execute arbitrary code as root on Linux or SYSTEM on Windows. The vulnerability is exploitable ...
CVE-2022-22772
The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with...
Serv-U FTP/MFT Server Unauthenticated Privilege Escalation
Details source: https://www.trustwave.com/Resources/SpiderLabs-Blog/Exploiting-Privilege-Escalation-in-Serv-U-by-SolarWinds/?page=1&year=0&month=0 I was recently working on an external network penetration test where I identified a new vulnerability in a file sharing web application called Serv-U ...
CVE-2014-2545
TIBCO Managed File Transfer Internet Server before 7.2.2, Managed File Transfer Command Center before 7.2.2, Slingshot before 1.9.1, and Vault before 1.0.1 allow remote attackers to obtain sensitive information via a crafted HTTP request...