54 matches found
CVE-2016-10104
Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for SSH/SFTP profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to an...
Design/Logic Flaw
hitek.jar in Hitek Software's Automize uses weak encryption when encrypting SSH/SFTP and Encryption profile passwords. This allows an attacker to retrieve the encrypted passwords from sshProfiles.jsd and encryptionProfiles.jsd and decrypt them to recover cleartext passwords. All 10.x up to and...
CVE-2016-10102
hitek.jar in Hitek Software's Automize uses weak encryption when encrypting SSH/SFTP and Encryption profile passwords. This allows an attacker to retrieve the encrypted passwords from sshProfiles.jsd and encryptionProfiles.jsd and decrypt them to recover cleartext passwords. All 10.x up to and...
CVE-2016-10104
Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for SSH/SFTP profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to an...
CVE-2016-10102
hitek.jar in Hitek Software's Automize uses weak encryption when encrypting SSH/SFTP and Encryption profile passwords. This allows an attacker to retrieve the encrypted passwords from sshProfiles.jsd and encryptionProfiles.jsd and decrypt them to recover cleartext passwords. All 10.x up to and...
Core FTP LE Client 'SSH/SFTP' Remote Buffer Overflow Vulnerability
Core FTP Client is prone to remote buffer overflow vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:coreftp:coreftp...
Core FTP LE 2.2 - SSH/SFTP Remote Buffer Overflow (PoC) Exploit
Exploit for windows platform in category dos / poc + Credits: John Page aka hyp3rlinx Vendor: =============== www.coreftp.com Product: ======================== Core FTP LE client v2.2 build 1883 Core FTP LE - free Windows software that includes the client FTP features you need. Features like SFTP...
Core FTP LE 2.2 - SSHSFTP Remote Buffer Overflow (PoC)
Core FTP LE 2.2 - SSHSFTP Remote Buffer Overflow PoC + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CORE-FTP-REMOTE-SSH-SFTP-BUFFER-OVERFLOW.txt + ISR: ApparitionSec Vendor: =============== www.coreftp.com Product:...
Core FTP LE 2.2 Build 1883 Buffer Overflow
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CORE-FTP-REMOTE-SSH-SFTP-BUFFER-OVERFLOW.txt + ISR: ApparitionSec Vendor: =============== www.coreftp.com Product: ======================== Core FTP LE client v2.2 build 1883...
Core FTP LE 2.2 - 'SSH/SFTP' Remote Buffer Overflow (PoC)
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CORE-FTP-REMOTE-SSH-SFTP-BUFFER-OVERFLOW.txt + ISR: ApparitionSec Vendor: =============== www.coreftp.com Product: ======================== Core FTP LE client v2.2 build 1883...
SOL21531693 - libssh2 vulnerability CVE-2016-0787
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
Rooted SSH/SFTP Daemon Default Login Credentials
Title: Rooted SSH/SFTP Daemon Default Login Credentials Author: Larry W. Cashdollar, @larry0 OSVDB-ID: 110742 Date: 9/2/2014 Download: https://play.google.com/store/apps/details?id=web.oss.sshsftpDaemon Description: "This app is a SSH terminal server AND an SFTP file server." Vulnerability: The...
CVE-2007-5337
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs...
SSH SFTP client / server format string vulnerability
Format string bug on filename logging...