Lucene search
K

247 matches found

vulnrichment
vulnrichment
added 2023/02/03 12:0 a.m.2 views

CVE-2023-24029

In Progress WSFTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows...

7.1AI score0.00887EPSS
Exploits0References2
cvelist
cvelist
added 2023/02/03 12:0 a.m.18 views

CVE-2023-24029

In Progress WSFTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows...

7.2AI score0.00887EPSS
Exploits0References2
cve
cve
added 2023/02/03 12:0 a.m.49 views

CVE-2023-24029

Progress WS_FTP Server before 8.8 contains a privilege-escalation flaw where a host administrator can elevate privileges through the administrative interface due to insufficient authorization controls on the user-modification workflows. This affects WS_FTP Server versions prior to 8.8. The issue ...

7.2CVSS6.9AI score0.00887EPSS
Exploits0References2Affected Software1
openvas
openvas
added 2022/08/12 12:0 a.m.17 views

Progress WS_FTP Server Detection Consolidation

Consolidation of Progress WSFTP Server detections. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only include"pluginfeedinfo.inc"; if description...

7.3AI score
Exploits0References1
nvd
nvd
added 2022/08/02 10:15 p.m.12 views

CVE-2022-36968

In Progress WSFTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery CSRF attacks...

4.3CVSS0.00224EPSS
Exploits0References2
prion
prion
added 2022/08/02 10:15 p.m.17 views

Cross site request forgery (csrf)

In Progress WSFTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery CSRF attacks...

4.3CVSS4.8AI score0.00224EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2022/08/02 9:58 p.m.28 views

CVE-2022-36968

In Progress WSFTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery CSRF attacks...

5AI score0.00224EPSS
Exploits0References2
cve
cve
added 2022/08/02 9:58 p.m.59 views

CVE-2022-36968

Progress WS_FTP Server prior to version 8.7.3 is affected by a CSRF vulnerability due to admin forms lacking a nonce. The issue is tied to the web administration interface and could enable cross-site request forgery. Affected products: WS_FTP Server

4.3CVSS4.7AI score0.00224EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2022/08/02 9:58 p.m.15 views

CVE-2022-36967

In Progress WSFTP Server prior to version 8.7.3, multiple reflected cross-site scripting XSS vulnerabilities exist in the administrative web interface. It is possible for a remote attacker to inject arbitrary JavaScript into a WSFTP administrator's web session. This would allow the attacker to...

6.2AI score0.00628EPSS
Exploits0References2
cve
cve
added 2022/08/02 9:58 p.m.62 views

CVE-2022-36967

CVE-2022-36967 affects Progress WS_FTP Server versions prior to 8.7.3. The administrative web interface contains multiple reflected XSS vulnerabilities that allow a remote attacker to inject arbitrary JavaScript into a WS_FTP administrator’s web session, enabling code execution in the victim’s br...

6.1CVSS6AI score0.00628EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2019/06/11 9:29 p.m.14 views

CVE-2019-12145

A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WSFTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose path names on the host operating system...

7.5CVSS7.3AI score0.04735EPSS
Exploits0References1
nvd
nvd
added 2019/06/11 9:29 p.m.12 views

CVE-2019-12146

A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WSFTP Server 2018 before 8.6.1. Attackers have the ability to abuse a flaw in the SCP listener by crafting strings using specific patterns to write files and create directories outside of their authorized director...

9.1CVSS9.2AI score0.03968EPSS
Exploits0References1
nvd
nvd
added 2019/06/11 9:29 p.m.26 views

CVE-2019-12144

An issue was discovered in SSHServerAPI.dll in Progress ipswitch WSFTP Server 2018 before 8.6.1. Attackers have the ability to abuse a path traversal vulnerability using the SCP protocol. Attackers who leverage this flaw could also obtain remote code execution by crafting a payload that abuses th...

9.8CVSS9.8AI score0.02942EPSS
Exploits0References1
nvd
nvd
added 2019/06/11 9:29 p.m.11 views

CVE-2019-12143

A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WSFTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose WSFTP usernames as well as filenames...

5.3CVSS5.2AI score0.01991EPSS
Exploits0References1
prion
prion
added 2019/06/11 9:29 p.m.9 views

Directory traversal

A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WSFTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose path names on the host operating system...

5CVSS7.3AI score0.04735EPSS
Exploits0References1Affected Software1
prion
prion
added 2019/06/11 9:29 p.m.26 views

Path traversal

An issue was discovered in SSHServerAPI.dll in Progress ipswitch WSFTP Server 2018 before 8.6.1. Attackers have the ability to abuse a path traversal vulnerability using the SCP protocol. Attackers who leverage this flaw could also obtain remote code execution by crafting a payload that abuses th...

7.5CVSS9.7AI score0.02942EPSS
Exploits0References1Affected Software1
prion
prion
added 2019/06/11 9:29 p.m.19 views

Directory traversal

A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WSFTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose WSFTP usernames as well as filenames...

5CVSS5.2AI score0.01991EPSS
Exploits0References1Affected Software1
prion
prion
added 2019/06/11 9:29 p.m.14 views

Directory traversal

A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WSFTP Server 2018 before 8.6.1. Attackers have the ability to abuse a flaw in the SCP listener by crafting strings using specific patterns to write files and create directories outside of their authorized director...

6.4CVSS9AI score0.03968EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2019/06/11 8:58 p.m.14 views

CVE-2019-12146

A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WSFTP Server 2018 before 8.6.1. Attackers have the ability to abuse a flaw in the SCP listener by crafting strings using specific patterns to write files and create directories outside of their authorized director...

9.2AI score0.03968EPSS
Exploits0References1
cve
cve
added 2019/06/11 8:58 p.m.108 views

CVE-2019-12146

CVE-2019-12146 affects Progress Ipswitch WS_FTP Server 2018 before 8.6.1. Vulnerable component: SSHServerAPI.dll; SCP listener flaw allows crafted strings to write files and create directories outside the authorized directory. Attack surface is network-exposed; impact includes potential unauthori...

9.1CVSS9AI score0.03968EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder