The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticat…
[pyftpdlib] pyftpdlib vulnerable to allocation of resources without limits
The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command.
References
https://nvd.n…
[pyftpdlib] Directory Traversal in pyftpdlib
Python FTP server library provides a high-level portable interface to easily write very efficient, scalable and asynchronous FTP servers with Python. Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote au…
[pyftpdlib] Improper Authentication in pyftpdlib
FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack.
References
https://nvd.ni…
[pyftpdlib] Improper Input Validation in pyftpdlib
FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command.
References
https://nvd.nist.gov/vuln/detail/CVE-2007-6739
https://github.com/giampaolo/pyftpdlib/issues/3
https://github.com/advisories/GHS…
[org.mortbay.jetty:jetty] Improper Authentication in Mortbay Jetty
Mortbay Jetty before 6.1.6rc1 does not properly handle “certain quote sequences” in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors.
References
https://nvd.nist.gov/vuln/detail/CVE-2007-5614
htt…
[org.mortbay.jetty:jetty] Mortbay Jetty vulnerable to Cross-site scripting
Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies.
References
https://nvd.nist.gov/vuln/detail/CVE-2007-5613
…
[com.opensymphony:xwork] OpenSymphony XWork vulnerable to improper input validation
XWork is a command-pattern framework that is used to power WebWork as well as other applications. Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Obje…
Multiple important vulnerabilities in Google Chrome, update recommended
The Cybersecurity and Infrastructure Security Agency of the U.S. Department of Homeland Security (CISA: Cyberse…
[org.mortbay.jetty:jetty] Improper Input Validation in Mortbay Jetty
jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations.
References
https://nvd.nist.gov/vuln/detail/CVE-2006-2759
https://www.eclipse….