27 matches found
WS_FTP Server - Insecure Deserialization
In WSFTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WSFTP Server operating system. id: CVE-2023-40044 info: name: WSFTP Server - Insecure...
EUVD-2023-44652
Malicious code in bioql PyPI...
Progress WS_FTP Server < 8.7.6, 8.8.x < 8.8.4 Arbitrary File Upload
The remote host is running a version of WSFTP earlier than 8.7.6 or 8.8.x prior to 8.8.4. It is, therefore, affected by an arbitrary file upload vulnerability in the Ad Hoc Transfer Mode module. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload...
CVE-2023-42659
In WSFTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WSFTP Serve...
Unrestricted file upload
In WSFTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WSFTP Serve...
CVE-2023-42659 WS_FTP Server Arbitrary File Upload
In WSFTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WSFTP Serve...
CVE-2023-42659 WS_FTP Server Arbitrary File Upload
In WSFTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WSFTP Serve...
The vulnerability of the Ad Hoc Transfer module of the WS_FTP Server allows attackers to carry out cross-site scripting attacks.
The vulnerability of the Ad Hoc Transfer module of the WSFTP Server server is related to the lack of security measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the Ad hoc Transfer Module of the WS_FTP Server allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Ad hoc Transfer Module of the WSFTP Server server is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...
Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability
Progress WSFTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying operating system...
Progress Software WS_FTP Unauthenticated Remote Code Execution
This module exploits an unsafe .NET deserialization vulnerability to achieve unauthenticated remote code execution against a vulnerable WSFTP server running the Ad Hoc Transfer module. All versions of WSFTP Server prior to 2020.0.4 version 8.7.4 and 2022.0.2 version 8.8.2 are vulnerable to this...
Progress Software WS_FTP Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Progress Software WSFTP Unauthenticated Remote Code Execution', 'Description' = %q This module exploits an unsafe .NET deserialization...
Progress Software WS_FTP Unauthenticated Remote Code Execution Exploit
This Metasploit module exploits an unsafe .NET deserialization vulnerability to achieve unauthenticated remote code execution against a vulnerable WSFTP server running the Ad Hoc Transfer module. All versions of WSFTP Server prior to 2020.0.4 version 8.7.4 and 2022.0.2 version 8.8.2 are vulnerabl...
VulnCheck KEV: CVE-2023-40044
Progress WSFTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying operating system...
Vulnerabilities fixed in WS_FTP
Progress has fixed vulnerabilities in WSFTP. A malicious person can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS. Manipulation of data Circumvention of security measure Remote code...
CVE-2023-40045
In WSFTP Server versions prior to 8.7.4 and 8.8.2, a reflected cross-site scripting XSS vulnerability exists in WSFTP Server's Ad Hoc Transfer module. An attacker could leverage this vulnerability to target WSFTP Server users with a specialized payload which results in the execution of malicious...
CVE-2023-40044
In WSFTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WSFTP Server operating system...
CVE-2023-40044
In WSFTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WSFTP Server operating system...
CVE-2023-40045
In WSFTP Server versions prior to 8.7.4 and 8.8.2, a reflected cross-site scripting XSS vulnerability exists in WSFTP Server's Ad Hoc Transfer module. An attacker could leverage this vulnerability to target WSFTP Server users with a specialized payload which results in the execution of malicious...
Cross site scripting
In WSFTP Server versions prior to 8.7.4 and 8.8.2, a reflected cross-site scripting XSS vulnerability exists in WSFTP Server's Ad Hoc Transfer module. An attacker could leverage this vulnerability to target WSFTP Server users with a specialized payload which results in the execution of malicious...