9 matches found
📄 CrushFTP 9.x / 10.8.4 / 11.3.1 Server-Side Request Forgery / Directory Traversal
CrushFTP versions 9.x, 10.x through 10.8.4, and 11.x through 11.3.1 suffer from server-side request forgery and directory traversal vulnerabilities. !-- Exploit Title: Server-Side Request Forgery SSRF in CrushFTP 10.7.1 and 11.1.0 as well as legacy 9.x Date: 2024-10-20 Exploit Author: Rafael...
New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm
The Chinese-speaking threat actor known as Earth Lusca has been observed using a new backdoor dubbed KTLVdoor as part of a cyber attack targeting an unnamed trading company based in China. The previously unreported malware is written in Golang, and thus is a cross-platform weapon capable of...
Citrix Bugs Allow Unauthenticated Code Injection, Data Theft
Multiple vulnerabilities in the Citrix Application Delivery Controller ADC and Gateway would allow code injection, information disclosure and denial of service, the networking vendor announced Tuesday. Four of the bugs are exploitable by an unauthenticated, remote attacker. The Citrix products...
Fedora 17 : wordpress-3.5.1-1.fc17 (2013-1692)
WordPress 3.5.1 is now available. Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs. It is also a security release for all previous WordPress versions. Which include : - Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases. - Media: F...
Fedora 18 : wordpress-3.5.1-1.fc18 (2013-1774)
WordPress 3.5.1 is now available. Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs. It is also a security release for all previous WordPress versions. Which include : - Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases. - Media: F...
wordpress -- multiple vulnerabilities
Wordpress reports: WordPress 3.5.1 also addresses the following security issues: A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress...
NetInfo Daemon Detection
A 'NetInfo' daemon is running on this port. NetInfo is in charge of maintaining databases or 'maps' regarding the system. Such databases include the list of users, the password file, and more. If the remote host is not a NetInfo server, this service should not be reachable directly from the...
Squid Web Proxy 2.3 - Reverse Proxy
source: https://www.securityfocus.com/bid/3062/info Squid is a free client-side web proxy that retrieves cached web pages for quick browsers and a reduction in bandwidth consumption. Squid servers, when configured as an "HTTP accelerator only", may allow remote attackers to use them as port...
FTP Server Detection
It is possible to obtain the banner of the remote FTP server by connecting to a remote port. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid10092; scriptversion"1.57"; scriptsetattributeattribute:"pluginmodificationdate", value:"2023/08/17";...