23 matches found
CVE-2018-25143
CVE-2018-25143 affects Microhard Systems IPn4G 1.1.0. A service vulnerability enables authenticated users to turn on a restricted SSH shell via the default user 'msshc'. An attacker can abuse a custom 'ping' command within the NcFTP environment to escape the restricted shell and execute commands ...
CVE-2018-25143 Microhard Systems IPn4G 1.1.0 Backdoor Jailbreak via Microhard Sh Service
Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SSH shell with a default 'msshc' user. Attackers can exploit a custom 'ping' command in the NcFTP environment to escape the restricted shell and execute commands with root...
EUVD-2004-1940
Malware in sbrugna...
EUVD-1999-1314
Malware in sbrugna...
Malicious code in ncftp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4bc7a5d34f3860004cbdbf4f622418fa2383dd3ba5ebff2ed2074a4a13d1b85d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4854 Malicious code in ncftp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4bc7a5d34f3860004cbdbf4f622418fa2383dd3ba5ebff2ed2074a4a13d1b85d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway Backdoor Jailbreak
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Backdoor Jailbreak Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160 IPn4Gb 1.1.6 build 1184-14 IPn4Gb 1.1.0 Rev 2 build 1090-2 IPn4Gb 1.1.0 Re...
CVE-2005-4784
Multiple buffer overflows in the POSIX readdirr function, as used in multiple packages, allow local users to cause a denial of service and possibly execute arbitrary code via 1 a symlink attack that exploits a race condition between opendir and pathcon calls and changes the filesystem to one with...
CVE-2007-5201
The FTP backend for Duplicity before 0.4.9 sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments...
DEBIAN-CVE-2007-5201
The FTP backend for Duplicity before 0.4.9 sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments...
CVE-2007-5201
The FTP backend for Duplicity before 0.4.9 sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments...
CVE-2005-4784
Multiple buffer overflows in the POSIX readdirr function, as used in multiple packages, allow local users to cause a denial of service and possibly execute arbitrary code via 1 a symlink attack that exploits a race condition between opendir and pathcon calls and changes the filesystem to one with...
Slackware 10.0 / 10.1 / current : ncftp (SSA:2005-135-02)
New ncftp packages are available for Slackware 10.0, 10.1, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2005-135-02. The text itself is copyright C...
(FALSE ALARM ON) ncftp
Hey folks, An advisory recently went out on NcFTP, but it appears that the issue in question was fixed long ago in version 3.1.5, released on 2002-10-13. I received an email at [email protected] from a well-meaning user informing me that 3.1.9 had a security issue that was going unpatched: I...
ncftp
New ncftp packages are available for Slackware 10.0, 10.1, and -current to fix security issues. More details about this issue may be found on the NcFTP site: http://www.ncftp.com/ncftp/doc/changelog.html3.1.5 Here are the details from the Slackware 10.1 ChangeLog:...
CVE-2004-1948
NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list...
CVE-2004-1948
NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list...
CVE-2004-1948
The vulnerability affects NcFTP client versions 3.1.6 and 3.1.7. When a user supplies an FTP URL containing a username and password on the command line, the URL may be exposed in process listings (ps aux), allowing local users to obtain sensitive information. Root cause is credentials being passe...
DEBIAN-CVE-2004-1948
NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list...
CVE-2004-1948
NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list...