CVSS: 9.8 | EPSS: 2% | CPEs: 1 | EXPL: 0

21 Jan 2015 — Stack-based buffer overflow in the Attachmate Reflection FTP Client before 14.1.433 allows remote FTP servers to execute arbitrary code via a large PWD response. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Attachmate Reflection FTP client. User interaction i... • http://secunia.com/advisories/62467 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 10.0 | EPSS: 10% | CPEs: 1 | EXPL: 0

12 Aug 2014 — Directory traversal vulnerability in the rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to execute arbitrary code via unspecified vectors to the SaveSettings method. This vulnerability allows remote attac... • http://support.attachmate.com/techdocs/2501.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 10.0 | EPSS: 10% | CPEs: 1 | EXPL: 0

12 Aug 2014 — Directory traversal vulnerability in the rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to execute arbitrary code via unspecified vectors to the StartLog method. This vulnerability allows remote attackers to ... • http://support.attachmate.com/techdocs/2501.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 10.0 | EPSS: 11% | CPEs: 1 | EXPL: 0

12 Aug 2014 — The rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to cause a denial of service (memory corruption) and execute arbitrary code via vectors related to the (1) GetGlobalSettings or (2) GetSiteProperties3 methods, which triggers a dereference of an arbitrary memory address. NOTE: this issue was MERGED with CVE-2014-0606 because it is the same type of vulnerability, affecting the same set of versions, and discovered by the same researcher. • http://support.attachmate.com/techdocs/2501.html • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 10.0 | EPSS: 6% | CPEs: 2 | EXPL: 0

24 Jul 2014 — Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executable file. This vulnerability allows remote attackers to execute arbi... • http://support.attachmate.com/techdocs/2700.html

CVSS: 9.8 | EPSS: 0% | CPEs: 7 | EXPL: 0

06 Nov 2013 — Directory traversal vulnerability in the Session Server in Attachmate Verastream Host Integrator (VHI) 6.0 through 7.5 SP 1 HF 1 allows remote attackers to upload and execute arbitrary files via a crafted message. • http://support.attachmate.com/techdocs/2700.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.8 | EPSS: 0% | CPEs: 10 | EXPL: 0

06 Sep 2012 — Untrusted search path vulnerability in Attachmate Reflection before 14.1 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, a related issue to CVE-2011-0107. NOTE: some of these details are obtained from third party information. • http://secunia.com/advisories/46692

CVSS: 10.0 | EPSS: 64% | CPEs: 6 | EXPL: 2

25 Dec 2011 — Heap-based buffer overflow in the Reflection FTP Client (rftpcom.dll 7.2.0.106 and possibly other versions), as used in Attachmate Reflection 2008, Reflection 2011 R1 before 15.3.2.569 and R1 SP1 before, Reflection 2011 R2 before 15.4.1.327, Reflection Windows Client 7.2 SP1 before hotfix 7.2.1186, and Reflection 14.1 SP1 before 14.1.1.206, allows remote FTP servers to execute arbitrary code via a long directory name in a response to a LIST command. • https://www.exploit-db.com/exploits/18119 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 6.1 | EPSS: 0% | CPEs: 7 | EXPL: 0

01 Nov 2010 — Cross-site scripting (XSS) vulnerability in Attachmate Reflection for the Web 2008 R2 (builds 10.1.569 and earlier), 2008 R1, and 9.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://osvdb.org/68637 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

02 Feb 2009 — Multiple unspecified vulnerabilities in Attachmate Reflection for Secure IT UNIX Client and Server before 7.0 SP1 have unknown impact and attack vectors, aka "security vulnerabilities found by 3rd party analysis." • http://support.attachmate.com/techdocs/2374.html