81 matches found
apache-mina-sshd: information exposure in SFTP server implementations
A flaw was found in Apache Mina SSHD that could be exploited on certain SFTP servers implemented using the Apache Mina RootedFileSystem. This issue could permit authenticated users to view information outside of their permissions scope...
Progress Software WS_FTP Server Code Issue Vulnerability
Progress Software WS_FTP Server is an effective and highly manageable FTP server from Progress Software, USA. A code issue vulnerability exists in versions of Progress Software WS_FTP Server prior to 8.8.4 that stems from not limiting the number of file uploads...
The vulnerability of the Ad hoc Transfer Module of the WS_FTP Server allows a hacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the Ad hoc Transfer Module of the WS_FTP Server is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and availability of the protected information...
CVE-2023-40048
In WS_FTP Server versions prior to 8.8.2, the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function...
WS_FTP Server Path Traversal Vulnerability
Progress Software WS_FTP Server is an effective and highly manageable FTP server from Progress Software, USA. A security vulnerability exists in WS_FTP Server versions prior to 8.7.4 and 8.8.2. An attacker can exploit the vulnerability to read arbitrary files on the server running the application...
JSCAPE MFT Server Code Issue Vulnerability
JSCAPE MFT Server is a flexible and scalable hosted file transfer solution from JSCAPE, USA. A security vulnerability exists in JSCAPE MFT Server versions prior to 2023.1.9 that stems from the presence of insecure deserialization, which allows an attacker to run arbitrary Java code through its...
SolarWinds Serv-U FTP Server Access Control Error Vulnerability
SolarWinds Serv-U FTP Server is a suite of FTP and MFT file transfer software from the US-based SolarWinds Corporation. An access control error vulnerability exists in versions of SolarWinds Serv-U FTP Server prior to 15.4 HF2, which stems from an attacker being able to bypass multi/two-factor...
CVE-2023-35698
Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from the response given during a failed login attempt...
The vulnerability of the FTP server of the MKLogic-500 PLC, related to improper access control, allows a hacker to trigger a service failure.
The vulnerability of the FTP server of the MKLogic-500 PLC is related to improper access control. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...
PT-2023-1684 · Mitsubishi · Melsec-Q Series +5
Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric Corporation MELSEC iQ-F Series (all versions); Mitsubishi Electric Corporation MELSEC iQ-R Series (all versions); Mitsubishi Electric Corporation MELSEC-Q Series (all versions); Mitsubishi Electric Corporation MELSEC-L Series...
PT-2022-24394 · Mentor Graphics +1 · Nucleus Net For Nucleus Plus V1 +17
Name of the Vulnerable Software and Affected Versions: APOGEE MBC PPC BACnet (all versions); APOGEE MBC PPC P2 Ethernet (all versions); APOGEE MEC PPC BACnet (all versions); APOGEE MEC PPC P2 Ethernet (all versions); APOGEE PXC Compact BACnet (versions prior to V3.5.7); APOGEE PXC Compact P2 Ethernet versions...
PT-2022-19390 · Jenkins · Jenkins Publish Over Ftp Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Publish Over FTP Plugin versions 1.16 and earlier. Description: A cross-site request forgery (CSRF) issue allows attackers to connect to an FTP server using attacker-specified credentials. Recommendations: For Jenkins Publish Over FTP...
TIBCO Managed File Transfer Platform Server Code Injection Vulnerability
TIBCO Managed File Transfer Platform Server is a hosted file transfer platform server from TIBCO USA. A security vulnerability exists in the cfsend, cfrecv, and CyberResp components of TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux...
Pro2col Stingray FTS Cross-Site Scripting Vulnerability
Pro2col StingRay FTS is a file transfer server for Internet communication from Pro2col, UK. A cross-site scripting vulnerability exists in the Pro2col Stingray FTS that stems from the fact that manipulation of the Username parameter can lead to a cross-site scripting vulnerability...
Siemens Nucleus ReadyStart Buffer Error Vulnerability
The Nucleus NET module integrates a range of standards-compliant networking and communications protocols, drivers and utilities to provide full-featured networking support in any embedded device, and the Nucleus RTOS is a microkernel-based real-time operating system. A security vulnerability exis...
The vulnerability of the TFTP server for microprogramming software of NETGEAR ProSAFE Plus JGS516PE and ProSAFE Plus GS116Ev2 allows an intruder to increase their privileges.
The vulnerability of the TFTP server for microprogramming software in NETGEAR ProSAFE Plus JGS516PE and ProSAFE Plus GS116Ev2 devices is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...
WinSCP Buffer Error Vulnerability
WinSCP is a free open source SFTP, FTP, WebDAV, Amazon S3 and SCP client for Microsoft Windows. A buffer overflow vulnerability exists in WinSCP 5.17.8. An attacker can exploit this vulnerability to cause a denial of service via a malicious FTP server via a long filename...
@zpmc/zwd-server (>=0.0.14 <=0.0.21) potentially affected by unknown CVE via ftp-srv (=4.1.0)
ftp-srv NPM version =4.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on ftp-srv and may be impacted: @zpmc/zwd-server >=0.0.14, <=0.0.21. Source CVEs: unknown CVE. Source advisory: OSV:GHSA-R4M5-47CQ-6QG8...
Vastgota-Data ProVide Cross-Site Request Forgery Vulnerability
Vastgota-Data ProVide is a file transfer server with a graphical user interface from Vastgota-Data, Sweden. A cross-site request forgery vulnerability exists in Vastgota-Data ProVide version 13.1 and earlier. The vulnerability stems from a web application that does not adequately validate that a...
Vastgota-Data Cross-Site Request Forgery Vulnerability
Vastgota-Data ProVide is a file transfer server with a graphical user interface from Vastgota-Data, Sweden. A cross-site request forgery vulnerability exists in the user web interface in Vastgota-Data ProVide 13.1 and prior versions. The vulnerability stems from the web application not adequately...