CVEs-PoC/2020/CVE-2020-8284.md at b0e96c877abb080d7cf221c036336480ff266ccf

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-09 19:17:37 +02:00

Files

T

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.

POC

Reference

https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html

Github

https://github.com/Live-Hack-CVE/CVE-2021-40491
https://github.com/fokypoky/places-list
https://github.com/indece-official/clair-client

1.1 KiB Raw Blame History

CVE-2020-8284

Description

POC

Reference

Github

1.1 KiB

Raw Blame History