Custom Query (8142 matches)
Results (367 - 369 of 8142)
Our IT department is flagging (or flogging, depending on perspective) regarding a security risk with the filezilla server. Is this something that can be fixed?
The remote FTP server crashes when the command 'MLST a' is issued right after connecting to it.
An attacker may use this flaw to prevent you from publishing anything using FTP.
Solution : if you are using wftp, then upgrade to version 2.41 RC12, if you are not, then contact your vendor for a fix.
Risk factor : High CVE : CVE-2000-0647 BID : 1506
Nessus ID : 10487
|#2387||duplicate||security level of data connection (PROT C/P)|
When using FTP with TLS/SSL (explicit) FileZilla uses encryption for both the command and data connections sending a 'PROT P' command to the server.
From the security point of view this is ok but not always necessary. Mostly the command connection needs encryption for secure password transfers on login and the data then can be transfered unencrypted and uncompressed (only sometimes data needs encryption). This would give less load to ftp-servers when using fast connection (like 100MBit and above).
It would be great to choose between 'PROT P' and 'PROT C' in default settings and for each site in the manager.
|#1310||security issue Filezilla Client 3.0.1|
Hi, the file
X:\Documents and Settings\USER\Application Data\FileZilla\sitemanager.xml
contains the password without encrypt.