FTP Access Security Vulnerabilities

CVE-2023-37881

Weak access control in Wing FTP Server (Admin Web Client) allows for privilege escalation. This issue affects Wing FTP Server: <=...

8.8 CVSS

8.7 AI Score

0.001 EPSS

2023-09-12 09:15 AM
17

CVE-2023-3510

The FTP Access WordPress plugin through 1.0 does not have authorisation and CSRF checks when updating its settings and is missing sanitisation as well as escaping in them, allowing any authenticated users, such as subscriber to update them with XSS payloads, which will be triggered when an admin...

5.4 CVSS

5.5 AI Score

0.0004 EPSS

2023-09-11 08:15 PM
15

CVE-2000-1245

Multiple unspecified vulnerabilities in NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allow remote attackers to bypass intended restrictions on anonymous access via unknown...

7.2 AI Score

0.003 EPSS

2022-10-03 04:22 PM
20

CVE-2003-1596

NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not properly restrict filesystem use by anonymous users with NFS Gateway home directories, which allows remote attackers to bypass intended access restrictions via an FTP...

7 AI Score

0.003 EPSS

2022-10-03 04:15 PM
23

CVE-2003-1593

NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 does not enforce domain-name login restrictions, which allows remote attackers to bypass intended access control via an FTP...

7.1 AI Score

0.003 EPSS

2022-10-03 04:15 PM
26

CVE-2003-1594

NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly enforce FTPREST.TXT settings, which allows remote attackers to bypass intended access restrictions via an FTP...

7 AI Score

0.003 EPSS

2022-10-03 04:15 PM
19

CVE-2003-1476

Cerberus FTP Server 2.1 stores usernames and passwords in plaintext, which could allow local users to gain...

7 AI Score

0.0004 EPSS

2022-10-03 04:15 PM
22

CVE-2011-5292

The EaseWeFtp.FtpLibrary ActiveX control in EaseWeFtp.ocx in Easewe FTP OCX 4.5.0.9 does not restrict access to certain methods, which allows remote attackers to execute arbitrary files via a pathname in the first argument to the (1) Execute or (2) Run method, (3) write to arbitrary files via a...

7.6 AI Score

0.007 EPSS

2022-10-03 04:15 PM
28

CVE-2007-6734

NWFTPD.nlm before 5.08.07 in the FTP server in Novell NetWare 6.5 SP7 does not properly implement the FTPREST.TXT NOREMOTE restriction, which allows remote authenticated users to access directories outside of the home server via unspecified...

6.4 AI Score

0.006 EPSS

2022-10-03 04:14 PM
26

CVE-2007-6735

NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not properly handle partial matches for container names in the FTPREST.TXT file, which allows remote attackers to bypass intended access restrictions via an FTP...

6.8 AI Score

0.003 EPSS

2022-10-03 04:14 PM
19

CVE-2008-0604

The LDAP authentication feature in XLight FTP Server before 2.83, when used with some unspecified LDAP servers, does not check for blank passwords, which allows remote attackers to bypass intended access...

7 AI Score

0.005 EPSS

2022-10-03 04:14 PM
12

CVE-2021-41636

MELAG FTP Server 2.2.0.4 allows an attacker to use the CWD command to break out of the FTP servers root directory and operate on the entire operating system, while the access restrictions of the user running the FTP server...

6.5 CVSS

6.6 AI Score

0.001 EPSS

2022-06-24 12:15 PM
35
4

CVE-2021-41637

Weak access control permissions in MELAG FTP Server 2.2.0.4 allow the "Everyone" group to read the local FTP configuration file, which includes among other information the unencrypted passwords of all FTP...

7.1 CVSS

6.6 AI Score

0.0004 EPSS

2022-06-24 12:15 PM
29
4

CVE-2021-41635

When installed as Windows service MELAG FTP Server 2.2.0.4 is run as SYSTEM user, which grants remote attackers to abuse misconfigurations or vulnerabilities with administrative access over the entire host...

8.8 CVSS

8.8 AI Score

0.003 EPSS

2022-06-24 12:15 PM
33
4

CVE-2021-41638

The authentication checks of the MELAG FTP Server in version 2.2.0.4 are incomplete, which allows a remote attacker to access local files only by using a valid...

7.5 CVSS

7.5 AI Score

0.003 EPSS

2022-06-24 12:15 PM
36
4

CVE-2022-23302

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName...

8.8 CVSS

8.9 AI Score

0.127 EPSS

2022-01-18 04:15 PM
528
5

CVE-2021-4104

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in...

7.5 CVSS

9.1 AI Score

0.975 EPSS

2021-12-14 12:15 PM
783
In Wild
15

CVE-2021-35211

Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and...

10 CVSS

9.7 AI Score

0.923 EPSS

2021-07-14 09:15 PM
1065
In Wild
15

CVE-2020-11701

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. CSRF exists in the User Web Interface, as demonstrated by granting filesystem access to the public for uploading and deleting files and...

8.8 CVSS

8.6 AI Score

0.001 EPSS

2020-04-12 03:15 AM
75

CVE-2018-19999

The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to privilege escalation. To exploit this vulnerability,.....

7.8 CVSS

7.7 AI Score

0.001 EPSS

2019-06-07 05:29 PM
56

CVE-2019-1003055

Jenkins FTP publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file...

8.8 CVSS

8.6 AI Score

0.003 EPSS

2019-04-04 04:29 PM
29

CVE-2007-6234

index.php in FTP Admin 0.1.0 allows remote attackers to bypass authentication and obtain administrative access via a loggedin parameter with a value of true, as demonstrated by adding a user...

6.9 AI Score

0.009 EPSS

2007-12-04 06:46 PM
17

CVE-2003-1300

Baby FTP Server (BabyFTP) 1.2, and possibly other versions before May 31, 2003, allows remote attackers to cause a denial of service via a large number of connections from the same IP address, which triggers an access...

7.1 AI Score

0.009 EPSS

2006-03-24 11:00 AM
28

CVE-2004-1884

Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain...

6.9 AI Score

0.013 EPSS

2005-05-10 04:00 AM
30

CVE-2005-0690

Gene6 FTP Server does not properly restrict access to the control console, which allows local users to modify the server configuration and gain privileges, as demonstrated by defining a SITE...

6.8 AI Score

0.0004 EPSS

2005-03-08 05:00 AM
27

CVE-2005-0312

WarFTPD 1.82 RC9, when running as an NT service, allows remote authenticated users to cause a denial of service (access violation) via a CWD command with a crafted pathname, as demonstrated using a large string of "%s" sequences, possibly indicating a format string...

6.5 AI Score

0.003 EPSS

2005-02-10 05:00 AM
24
4

CVE-2004-0677

Fastream NETFile FTP Server 6.7.2.1085 and earlier allows remote attackers to cause a denial of service (temporary hang) via the cd command with an unusual argument, possibly due to multiple leading slashes and/or an access to the floppy drive...

7.3 AI Score

0.003 EPSS

2004-08-06 04:00 AM
26

CVE-2004-0437

Titan FTP Server version 3.01 build 163, and possibly other versions before build 169, allows remote authenticated users to cause a denial of service (crash) by disconnecting from the system during a "LIST -L" command, which causes Titan to access an invalid...

6.7 AI Score

0.016 EPSS

2004-07-07 04:00 AM
20

CVE-2001-1142

ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, which allows an attacker with access to the password file to gain...

7.3 AI Score

0.005 EPSS

2002-03-15 05:00 AM
21

CVE-2001-0765

BisonFTP V4R1 allows local users to access directories outside of their home directory by uploading .bdl files, which can then be linked to other...

6.7 AI Score

0.0004 EPSS

2002-03-09 05:00 AM
22

CVE-2001-0582

Ben Spink CrushFTP FTP Server 2.1.6 and earlier allows a local attacker to access arbitrary files via a '..' (dot dot) attack, or variations, in (1) GET, (2) CD, (3) NLST, (4) SIZE, (5)...

6.4 AI Score

0.0004 EPSS

2001-08-22 04:00 AM
25

CVE-1999-0351

FTP PASV "Pizza Thief" denial of service and unauthorized data access. Attackers can steal data by connecting to a port that was intended for use by a...

6.5 AI Score

0.009 EPSS

1999-09-29 04:00 AM
101
1