Amazon Linux AMI : openssh (ALAS-2019-1313)
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...
CVE-2019-16383
MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1 allows an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker...
CVE-2019-16383
CVE-2019-16383 affects Progress MOVEit Transfer via MOVEit.DMZ.WebApi.dll in MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1. The Red Hat/CIRCL/CNVD entries confirm an unauthenticated SQL injection via the REST API that can cause database access breaches. Affe...
EulerOS 2.0 SP5 : openssh (EulerOS-SA-2019-1908)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle...
curl: huge COLUMNS causes progress-bar to buffer overflow
Summary: If an attacker can set environmental variables, curl will always crash with a buffer overflow when downloading a file if the --progress-bar argument is set. Steps To Reproduce: Just run the following command on a 64-bit Linux system, verified on Ubuntu 19.04. Of course you can set th...
CVE-2019-12146
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a flaw in the SCP listener by crafting strings using specific patterns to write files and create directories outside of their authorized director...
CVE-2019-12144
An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a path traversal vulnerability using the SCP protocol. Attackers who leverage this flaw could also obtain remote code execution by crafting a payload that abuses th...
CVE-2019-12143
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose WS_FTP usernames as well as filenames...
CVE-2019-12145
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose path names on the host operating system...
Path traversal
An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a path traversal vulnerability using the SCP protocol. Attackers who leverage this flaw could also obtain remote code execution by crafting a payload that abuses th...
Directory traversal
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose path names on the host operating system...
Directory traversal
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a flaw in the SCP listener by crafting strings using specific patterns to write files and create directories outside of their authorized director...
CVE-2019-12146
CVE-2019-12146 affects Progress Ipswitch WS_FTP Server 2018 before 8.6.1. Vulnerable component: SSHServerAPI.dll; SCP listener flaw allows crafted strings to write files and create directories outside the authorized directory. Attack surface is network-exposed; impact includes potential unauthori...
CVE-2019-12145
CVE-2019-12145 affects Progress IPSwitch WS_FTP Server 2018 up to version 8.6.0. The flaw resides in SSHServerAPI.dll, allowing a directory-traversal via crafted strings sent over SCP, enabling an attacker to disclose pathnames on the host operating system. The vulnerability is a path-disclosure ...
CVE-2019-12144
CVE-2019-12144 affects Progress IPSwitch WS_FTP Server 2018 (before 8.6.1). The issue is in SSHServerAPI.dll and enables path traversal via SCP, with potential remote code execution by crafting a payload that abuses the SITE command feature. Multiple connected sources (NVD entry, CNVD entry, PRIO...