Custom Query (8142 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:


Results (367 - 369 of 8142)

Ticket Resolution Summary Owner Reporter
#3943 rejected security risk cfneumann
Description

Our IT department is flagging (or flogging, depending on perspective) regarding a security risk with the filezilla server. Is this something that can be fixed?

*

The remote FTP server crashes when the command 'MLST a' is issued right after connecting to it.

An attacker may use this flaw to prevent you from publishing anything using FTP.

Solution : if you are using wftp, then upgrade to version 2.41 RC12, if you are not, then contact your vendor for a fix.

Risk factor : High CVE : CVE-2000-0647 BID : 1506

Nessus ID : 10487

#2387 duplicate security level of data connection (PROT C/P) mbey
Description

When using FTP with TLS/SSL (explicit) FileZilla uses encryption for both the command and data connections sending a 'PROT P' command to the server.

From the security point of view this is ok but not always necessary. Mostly the command connection needs encryption for secure password transfers on login and the data then can be transfered unencrypted and uncompressed (only sometimes data needs encryption). This would give less load to ftp-servers when using fast connection (like 100MBit and above).

It would be great to choose between 'PROT P' and 'PROT C' in default settings and for each site in the manager.

#1310 security issue Filezilla Client 3.0.1 siacom
Description

Hi, the file

X:\Documents and Settings\USER\Application Data\FileZilla\sitemanager.xml

contains the password without encrypt.

Windows version

Batch Modify
Note: See TracBatchModify for help on using batch modify.
Note: See TracQuery for help on using queries.