EUVD-2004-1291

Malware in sbrugna...

OPENSUSE-SU-2024:10306-1 tnftp-20151004-1.3 on GA media

These are all security issues fixed in the tnftp-20151004-1.3 package on the GA media of openSUSE Tumbleweed...

SUSE CVE-2014-8517

The fetchurl function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | pipe character at the end of an HTTP redirect...

tnftp (savefile) Arbitrary Command Execution Exploit

This Metasploit module exploits an arbitrary command execution vulnerability in tnftp's handling of the resolved output filename - called "savefile" in the source - from a requested resource. If tnftp is executed without the -o command-line option, it will resolve the output filename from the las...

tnftp "savefile" Arbitrary Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'tnftp "savefile" Arbitrary Command Execution', 'Description' = %q This module exploits an arbitrary command execution vulnerability in tnftp's...

tnftp - 'savefile' Arbitrary Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'tnftp "savefile" Arbitrary Command Execution', 'Description' = %q This module exploits an arbitrary command execution vulnerability in tnftp's...

tnftp "savefile" Arbitrary Command Execution

This module exploits an arbitrary command execution vulnerability in tnftp's handling of the resolved output filename - called "savefile" in the source - from a requested resource. If tnftp is executed without the -o command-line option, it will resolve the output filename from the last component...

GLSA-201611-05 : tnftp: Arbitrary code execution

The remote host is affected by the vulnerability described in GLSA-201611-05 tnftp: Arbitrary code execution The fetchurl function in usr.bin/ftp/fetch.c allows remote attackers to execute arbitrary commands via a Impact : A remote attacker could possibly execute arbitrary code with the privilege...

tnftp - clientside BSD Exploit

Exploit for bsd platform in category remote exploits !/usr/bin/env python2 Exploit Title: tnftp BSD exploit Date: 11/29/2014 Exploit Author: dash Vendor Homepage: www.freebsd.org Version: FreeBSD 8/9/10 Tested on: FreeBSD 9.3 CVE : CVE-2014-8517 tnftp exploit CVE-2014-8517tested against freebsd 9...

tnftp (FreeBSD 8/9/10) - 'tnftp' Client Side

!/usr/bin/env python2 Exploit Title: tnftp BSD exploit Date: 11/29/2014 Exploit Author: dash Vendor Homepage: www.freebsd.org Version: FreeBSD 8/9/10 Tested on: FreeBSD 9.3 CVE : CVE-2014-8517 tnftp exploit CVE-2014-8517tested against freebsd 9.3...

tnftp (FreeBSD 8910) - tnftp Client Side

tnftp FreeBSD 8910 - tnftp Client Side !/usr/bin/env python2 Exploit Title: tnftp BSD exploit Date: 11/29/2014 Exploit Author: dash Vendor Homepage: www.freebsd.org Version: FreeBSD 8/9/10 Tested on: FreeBSD 9.3 CVE : CVE-2014-8517 tnftp exploit CVE-2014-8517tested against freebsd 9.3...

CVE-2014-8517

The fetchurl function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | pipe character at the end of an HTTP redirect...

CVE-2014-8517

The fetchurl function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | pipe character at the end of an HTTP redirect...

DEBIAN-CVE-2014-8517

The fetchurl function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | pipe character at the end of an HTTP redirect...

CVE-2014-8517

The fetchurl function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | pipe character at the end of an HTTP redirect...

CVE-2014-8517

The fetchurl function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | pipe character at the end of an HTTP redirect...

CVE-2014-8517

CVE-2014-8517 affects tnftp’s ftp(1) client, where handling of HTTP URIs can cause arbitrary command execution when the redirected filename ends with a pipe character. The NetBSD/tnftp fetch_url code path parses the last segment after redirects as the output filename, and if it begins with |, the...

NetBSD tnftp fetch.c fetch_url Command Execution (CVE-2014-8517)

A command execution vulnerability has been reported in NetBSD tnftp. The vulnerability is due to insufficient validation of the ftp output file name when using an HTTP URI to fetch files. A remote, unauthenticated attacker could exploit this vulnerability by enticing a user to open a malicious UR...

[SECURITY] Fedora 20 Update: tnftp-20141031-1.fc20

tnftp is the FTP File Transfer Protocol client from NetBSD. FTP is a wid ely used protocol for transferring files over the Internet and for archiving fi les. tnftp provides some advanced features beyond the Linux netkit ftp client, b ut maintains a similar user interface to the traditional ftp...

Fedora Update for tnftp FEDORA-2014-14113

Check the version of tnftp SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868476";...