15 matches found
EUVD-2006-0712
Malware in sbrugna...
CVE-2023-35887
A flaw was found in Apache Mina SSHD that could be exploited on certain SFTP servers implemented using the Apache Mina RootedFileSystem. This issue could permit authenticated users to view information outside of their permissions scope...
Information Disclosure
org.apache.sshd:sshd-common and org.apache.sshd:sshd-sftp are vulnerable to Information Disclosure. SFTP servers using the library with a RootedFileSystem may reveal the existence of items outside the rooted tree through parent navigation or symlinks, resulting in disclosure of sensitive...
CVE-2023-35887
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the root...
CVE-2023-35887 Apache MINA SSHD: Information disclosure bugs with RootedFilesystem
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the root...
CVE-2023-35887
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the root...
Improper Limitation of a Pathname to a Restricted Directory in JCraft JSch
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command...
CVE-2016-5725
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command...
CVE-2016-5725
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command...
CVE-2016-5725
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command...
CVE-2007-5337
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs...
CVE-2007-1654
Buffer overflow in the Ne7sshSftp::addOpenHandle function in ne7sshsftp.cpp in NetSieben SSH Library (ne7ssh) before 1.2.1 allows user-assisted remote SFTP servers to cause a denial of service (crash) or possibly execute arbitrary code via multiple file transfers, related to multiple open file handle...
CVE-2006-0705
Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH...
CVE-2006-0705
CVE-2006-0705 is a format-string vulnerability in SFTP/SSH logging code across multiple servers (e.g., SSH Secure Shell Server variants, and related SFTP servers). The flaw affects the handling of filenames in logs, enabling a remote authenticated user to potentially execute arbitrary commands vi...
CVE-2006-0705
Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH...