Lucene search
K

247 matches found

Cvelist
Cvelist
added 2024/08/28 4:31 p.m.22 views

CVE-2024-7745 Multi-Factor Authentication Bypass in Progress WS_FTP Server

In WSFTP Server versions before 8.8.8 2022.0.8, a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only...

6.5CVSS0.00365EPSS
Exploits0References2
CVE
CVE
added 2024/08/28 4:31 p.m.65 views

CVE-2024-7745

The CVE-2024-7745 issue affects Progress WS_FTP Server older than 8.8.8 (2022.0.8): a Missing Critical Step in the Web Transfer Module’s Multi-Factor Authentication allows bypass of second-factor verification, enabling login with only username and password. Impact is user authentication bypass, w...

8.1CVSS7AI score0.00365EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/28 4:31 p.m.31 views

CVE-2024-7745 Multi-Factor Authentication Bypass in Progress WS_FTP Server

In WSFTP Server versions before 8.8.8 2022.0.8, a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only...

6.5CVSS7AI score0.00365EPSS
Exploits0References2
CVE
CVE
added 2024/08/28 4:30 p.m.79 views

CVE-2024-7744

CVE-2024-7744 affects Progress WS_FTP Server prior to 8.8.8 (2022.0.8). The flaw is a Path Traversal in the Web Transfer Module that enables file discovery, probing system files, and user-controlled filename manipulation; additionally, an authenticated API call can download a file from an arbitra...

6.5CVSS6.7AI score0.00688EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/28 4:30 p.m.18 views

CVE-2024-7744 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Progress WS_FTP Server

In WSFTP Server versions before 8.8.8 2022.0.8, an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in the Web Transfer Module allows File Discovery, Probe System Files, User-Controlled Filename, Path Traversal. An authenticated file download flaw has...

6.5CVSS6.7AI score0.00688EPSS
Exploits0References2
Prion
Prion
added 2024/02/21 4:15 p.m.16 views

Cross site scripting

In WSFTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user supplied inputs on the WSFTP Server administrative interface...

5.1CVSS6.7AI score0.0045EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/21 3:33 p.m.18 views

CVE-2024-1474 WS_FTP Server Reflected Cross-Site Scripting in Administrative Interface

In WSFTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user supplied inputs on the WSFTP Server administrative interface...

7.5CVSS6.7AI score0.0045EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/21 3:33 p.m.24 views

CVE-2024-1474 WS_FTP Server Reflected Cross-Site Scripting in Administrative Interface

In WSFTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user supplied inputs on the WSFTP Server administrative interface...

7.5CVSS7.6AI score0.0045EPSS
Exploits0References2
CVE
CVE
added 2024/02/21 3:33 p.m.82 views

CVE-2024-1474

WS_FTP Server prior to 8.8.5 is affected by reflected cross-site scripting in the administrative interface, arising from handling of various user-supplied inputs. The issue is documented across multiple sources as a vulnerability in WS_FTP Server versions before 8.8.5. A remediation action is to ...

7.5CVSS7.5AI score0.0045EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/01/30 12:0 a.m.21 views

Progress WS_FTP Server < 8.7.6, 8.8.x < 8.8.4 Arbitrary File Upload

The remote host is running a version of WSFTP earlier than 8.7.6 or 8.8.x prior to 8.8.4. It is, therefore, affected by an arbitrary file upload vulnerability in the Ad Hoc Transfer Mode module. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload...

9.1CVSS8.1AI score0.00896EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2024/01/30 12:0 a.m.269 views

WS_FTP Server 5.0.5 Denial Of Service

!/usr/bin/perl use IO::Socket::INET; Exploit Title: WSFTP Server 5.0.5 - Denied of Service DoS Discovery by: Fernando Mengali Discovery Date: 30 january 2024 Vendor Homepage: N/A Notification vendor: No reported Tested Version: 5.0.5 Tested on: Window XP Professional - Service Pack 2 and 3 -...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/12/01 12:0 a.m.9 views

WS_FTP Server Remote Code Execution

In WSFTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WSFTP Server operating system. No source data...

10CVSS7.7AI score0.9015EPSS
Exploits5References1
NVD
NVD
added 2023/11/07 4:15 p.m.21 views

CVE-2023-42659

In WSFTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WSFTP Serve...

9.1CVSS0.00896EPSS
Exploits0References2
Prion
Prion
added 2023/11/07 4:15 p.m.17 views

Unrestricted file upload

In WSFTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WSFTP Serve...

6.5CVSS6.9AI score0.00896EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/11/07 3:13 p.m.95 views

CVE-2023-42659

The CVE concerns Progress WS_FTP Server. Versions prior to 8.7.6 and 8.8.4 are affected by an unrestricted file upload flaw in the Ad Hoc Transfer module: an authenticated Ad Hoc Transfer user can craft an API call to upload a file to a location on the host OS running WS_FTP Server. Documented im...

9.1CVSS9AI score0.00896EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/07 3:13 p.m.10 views

CVE-2023-42659 WS_FTP Server Arbitrary File Upload

In WSFTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WSFTP Serve...

9.1CVSS6.9AI score0.00896EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/10/04 12:0 a.m.55 views

Progress WS_FTP Server < 8.7.4, 8.8.0 < 8.8.2 Multiple Vulnerabilities

The remote host is running a version of WSFTP earlier than 8.7.4 or 8.8.0 prior to 8.8.2. Such versions are reportedly affected by multiple vulnerabilities : - A pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands...

10CVSS8AI score0.9015EPSS
Exploits6References6
Tenable Nessus
Tenable Nessus
added 2023/10/04 12:0 a.m.34 views

Progress WS_FTP Server < 8.8.2 Multiple Vulnerabilities

The remote host is running a version of WSFTP earlier than to 8.8.2. Such versions are reportedly affected by multiple vulnerabilities : - A stored cross-site scripting XSS vulnerability exists in WSFTP Server's Management module. An attacker with administrative privileges could import a SSL...

8.3CVSS6.5AI score0.00747EPSS
Exploits0References4
Rapid7 Blog
Rapid7 Blog
added 2023/09/29 1:33 p.m.81 views

Critical Vulnerabilities in WS_FTP Server

On September 27, 2023, Progress Software published a security advisory on multiple vulnerabilities affecting WSFTP Server, a secure file transfer solution. There are a number of vulnerabilities in the advisory, two of which are critical CVE-2023-40044 and CVE-2023-42657. Our research team has...

6.5CVSS7.7AI score0.9015EPSS
Exploits6
The Hacker News
The Hacker News
added 2023/09/29 6:15 a.m.77 views

Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server

Progress Software has released hotfixes for a critical security vulnerability, alongside seven other flaws, in the WSFTP Server Ad hoc Transfer Module and in the WSFTP Server manager interface. Tracked as CVE-2023-40044, the flaw has a CVSS score of 10.0, indicating maximum severity. All versions...

10CVSS9.3AI score0.9015EPSS
Exploits6
Rows per page
Query Builder