Lucene search
K

27 matches found

Nuclei
Nuclei
added 6 days ago15 views

WS_FTP Server - Insecure Deserialization

In WSFTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WSFTP Server operating system. id: CVE-2023-40044 info: name: WSFTP Server - Insecure...

10CVSS7.7AI score0.9015EPSS
Exploits5References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-44652

Malicious code in bioql PyPI...

8.3CVSS7.1AI score0.00895EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/01/30 12:0 a.m.21 views

Progress WS_FTP Server < 8.7.6, 8.8.x < 8.8.4 Arbitrary File Upload

The remote host is running a version of WSFTP earlier than 8.7.6 or 8.8.x prior to 8.8.4. It is, therefore, affected by an arbitrary file upload vulnerability in the Ad Hoc Transfer Mode module. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload...

9.1CVSS8.1AI score0.00896EPSS
Exploits0References2
OSV
OSV
added 2023/11/07 4:15 p.m.3 views

CVE-2023-42659

In WSFTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WSFTP Serve...

8.8CVSS5.7AI score0.00896EPSS
Exploits0References2
Prion
Prion
added 2023/11/07 4:15 p.m.15 views

Unrestricted file upload

In WSFTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WSFTP Serve...

6.5CVSS6.9AI score0.00896EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/07 3:13 p.m.9 views

CVE-2023-42659 WS_FTP Server Arbitrary File Upload

In WSFTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WSFTP Serve...

9.1CVSS6.9AI score0.00896EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/11/07 3:13 p.m.14 views

CVE-2023-42659 WS_FTP Server Arbitrary File Upload

In WSFTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WSFTP Serve...

9.1CVSS9.3AI score0.00896EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/10/17 12:0 a.m.6 views

The vulnerability of the Ad Hoc Transfer module of the WS_FTP Server allows attackers to carry out cross-site scripting attacks.

The vulnerability of the Ad Hoc Transfer module of the WSFTP Server server is related to the lack of security measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

8.3CVSS6.9AI score0.00895EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/10/06 12:0 a.m.6 views

The vulnerability of the Ad hoc Transfer Module of the WS_FTP Server allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Ad hoc Transfer Module of the WSFTP Server server is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...

10CVSS8.1AI score0.9015EPSS
Exploits5References10Affected Software1
CISA KEV Catalog
CISA KEV Catalog
added 2023/10/05 12:0 a.m.41 views

Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability

Progress WSFTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying operating system...

10CVSS7.3AI score0.9015EPSS
In wildExploits5
Metasploit
Metasploit
added 2023/10/04 7:50 p.m.420 views

Progress Software WS_FTP Unauthenticated Remote Code Execution

This module exploits an unsafe .NET deserialization vulnerability to achieve unauthenticated remote code execution against a vulnerable WSFTP server running the Ad Hoc Transfer module. All versions of WSFTP Server prior to 2020.0.4 version 8.7.4 and 2022.0.2 version 8.8.2 are vulnerable to this...

10CVSS9AI score0.9015EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/10/04 12:0 a.m.461 views

Progress Software WS_FTP Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Progress Software WSFTP Unauthenticated Remote Code Execution', 'Description' = %q This module exploits an unsafe .NET deserialization...

10CVSS7.1AI score0.9015EPSS
Exploits5
0day.today
0day.today
added 2023/10/04 12:0 a.m.393 views

Progress Software WS_FTP Unauthenticated Remote Code Execution Exploit

This Metasploit module exploits an unsafe .NET deserialization vulnerability to achieve unauthenticated remote code execution against a vulnerable WSFTP server running the Ad Hoc Transfer module. All versions of WSFTP Server prior to 2020.0.4 version 8.7.4 and 2022.0.2 version 8.8.2 are vulnerabl...

10CVSS8.1AI score0.9015EPSS
Exploits5
VulnCheck KEV
VulnCheck KEV
added 2023/10/01 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-40044

Progress WSFTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying operating system...

10CVSS7.6AI score0.9015EPSS
Exploits5References1
NCSC
NCSC
added 2023/09/29 12:0 a.m.5 views

Vulnerabilities fixed in WS_FTP

Progress has fixed vulnerabilities in WSFTP. A malicious person can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS. Manipulation of data Circumvention of security measure Remote code...

10CVSS8AI score0.9015EPSS
Exploits6
OSV
OSV
added 2023/09/27 3:18 p.m.4 views

CVE-2023-40045

In WSFTP Server versions prior to 8.7.4 and 8.8.2, a reflected cross-site scripting XSS vulnerability exists in WSFTP Server's Ad Hoc Transfer module. An attacker could leverage this vulnerability to target WSFTP Server users with a specialized payload which results in the execution of malicious...

6.1CVSS5.8AI score0.00895EPSS
Exploits0References2
NVD
NVD
added 2023/09/27 3:18 p.m.23 views

CVE-2023-40044

In WSFTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WSFTP Server operating system...

10CVSS9.6AI score0.9015EPSS
Exploits5References9
OSV
OSV
added 2023/09/27 3:18 p.m.6 views

CVE-2023-40044

In WSFTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WSFTP Server operating system...

8.8CVSS6AI score0.9015EPSS
Exploits5References9
NVD
NVD
added 2023/09/27 3:18 p.m.14 views

CVE-2023-40045

In WSFTP Server versions prior to 8.7.4 and 8.8.2, a reflected cross-site scripting XSS vulnerability exists in WSFTP Server's Ad Hoc Transfer module. An attacker could leverage this vulnerability to target WSFTP Server users with a specialized payload which results in the execution of malicious...

8.3CVSS7.4AI score0.00895EPSS
Exploits0References2
Prion
Prion
added 2023/09/27 3:18 p.m.21 views

Cross site scripting

In WSFTP Server versions prior to 8.7.4 and 8.8.2, a reflected cross-site scripting XSS vulnerability exists in WSFTP Server's Ad Hoc Transfer module. An attacker could leverage this vulnerability to target WSFTP Server users with a specialized payload which results in the execution of malicious...

5.8CVSS6.7AI score0.00895EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder