153 matches found
CVE-2022-45093
Siemens SINEC INS exposes CVE-2022-45093 affecting all versions prior to V1.0 SP2 Update 1. An authenticated remote attacker who can reach both the Web Based Management interface (443/tcp) and the SFTP service (22/tcp) could read and write arbitrary files on the device file system, potentially le...
CVE-2022-45093
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product as well as with access to the SFTP server of the affected product (22/tcp), could potentially read and write...
IBM Sterling B2B Integrator elevation of privilege vulnerability (CNVD-2023-05239)
IBM Sterling B2B Integrator is a suite of software from International Business Machines (IBM) that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. An elevation of privilege...
CVE-2022-43920
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could allow an authenticated user to gain privileges in a different group due to an access control vulnerability in the Sftp server adapter. IBM X-Force ID: 241362...
Improper access control
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could allow an authenticated user to gain privileges in a different group due to an access control vulnerability in the Sftp server adapter. IBM X-Force ID: 241362...
CVE-2022-43920 IBM Sterling B2B Integrator Standard Edition privilege escalation
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could allow an authenticated user to gain privileges in a different group due to an access control vulnerability in the Sftp server adapter. IBM X-Force ID: 241362...
CVE-2022-43920 IBM Sterling B2B Integrator Standard Edition privilege escalation
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could allow an authenticated user to gain privileges in a different group due to an access control vulnerability in the Sftp server adapter. IBM X-Force ID: 241362...
CVE-2022-39220
Summary of CVE-2022-39220: SFTPGo is an SFTP server written in Go. The vulnerability affects the WebClient component of SFTPGo, where versions prior to 2.3.5 are vulnerable to Cross-site Scripting (XSS) that allows remote attackers to inject malicious code. The underlying issue is an XSS flaw in...
CVE-2022-36071
Vulnerability context (CVE-2022-36071): SFTPGo WebAdmin/WebClient allowed generation of recovery codes before two-factor authentication (2FA) was enabled, enabling an attacker who knew a user’s password to potentially generate recovery codes and bypass 2FA later. This affected versions 2.2.0 thro...
GHSA-W393-H95M-F879 CoreFTP Directory Traversal
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a ....\ substring, allowing an attacker to enumerate file existence based on the returned information...
CVE-2022-22899
Core FTP / SFTP Server v2 Build 725 was discovered to allow unauthenticated attackers to cause a Denial of Service (DoS) via a crafted packet through the SSH service...
Design/Logic Flaw
Core FTP / SFTP Server v2 Build 725 was discovered to allow unauthenticated attackers to cause a Denial of Service (DoS) via a crafted packet through the SSH service...
CVE-2022-22899
Core FTP / SFTP Server v2 Build 725 is affected by a buffer error in the SSH service that allows unauthenticated attackers to cause a Denial of Service via a crafted SSH packet. Documented impact is DoS; attack path is network-based, with no authentication required. Remediation guidance across so...
Core FTP buffer error vulnerability
Core FTP is a file transfer server. Core FTP / SFTP Server v2 Build 725 suffers from a buffer error vulnerability that could allow an unauthenticated attacker to cause a denial of service (DoS) via a crafted packet through the SSH service...
libssh: NULL pointer dereference in sftpserver.c if ssh_buffer_new returns NULL
A flaw was found in libssh. A NULL pointer dereference in sftpserver.c if ssh_buffer_new returns NULL...
Linux: SSH Subsystem
Subsystem: Configures an external subsystem (e.g. file transfer daemon). Arguments should be a subsystem name and a command (with optional arguments) to execute upon subsystem request. The command sftp-server implements the...
AIX OpenSSH Advisory : openssh_advisory11.asc
The version of OpenSSH installed on the remote AIX host is affected by a vulnerability in the process_open function of sftp-server.c in OpenSSH in that it does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files...
CoreFTP 2.0 Build 674 SIZE - Directory Traversal (Metasploit)
class MetasploitModule 'CVE-2019-9648 CoreFTP FTP Server Version 674 and below SIZE Directory Traversal', 'Description' = %qAn issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a .......
CoreFTP 2.0 Build 674 MDTM - Directory Traversal (Metasploit)
class MetasploitModule 'CVE-2019-9649 CoreFTP FTP Server Version 674 and below MDTM Directory Traversal', 'Description' = %qAn issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal ....\ to browse...
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2018-1141)
The remote host is missing an update for the Huawei EulerOS...