247 matches found
CVE-2024-7745 Multi-Factor Authentication Bypass in Progress WS_FTP Server
In WSFTP Server versions before 8.8.8 2022.0.8, a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only...
CVE-2024-7745
The CVE-2024-7745 issue affects Progress WS_FTP Server older than 8.8.8 (2022.0.8): a Missing Critical Step in the Web Transfer Module’s Multi-Factor Authentication allows bypass of second-factor verification, enabling login with only username and password. Impact is user authentication bypass, w...
CVE-2024-7745 Multi-Factor Authentication Bypass in Progress WS_FTP Server
In WSFTP Server versions before 8.8.8 2022.0.8, a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only...
CVE-2024-7744
CVE-2024-7744 affects Progress WS_FTP Server prior to 8.8.8 (2022.0.8). The flaw is a Path Traversal in the Web Transfer Module that enables file discovery, probing system files, and user-controlled filename manipulation; additionally, an authenticated API call can download a file from an arbitra...
CVE-2024-7744 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Progress WS_FTP Server
In WSFTP Server versions before 8.8.8 2022.0.8, an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in the Web Transfer Module allows File Discovery, Probe System Files, User-Controlled Filename, Path Traversal. An authenticated file download flaw has...
Cross site scripting
In WSFTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user supplied inputs on the WSFTP Server administrative interface...
CVE-2024-1474 WS_FTP Server Reflected Cross-Site Scripting in Administrative Interface
In WSFTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user supplied inputs on the WSFTP Server administrative interface...
CVE-2024-1474 WS_FTP Server Reflected Cross-Site Scripting in Administrative Interface
In WSFTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user supplied inputs on the WSFTP Server administrative interface...
CVE-2024-1474
WS_FTP Server prior to 8.8.5 is affected by reflected cross-site scripting in the administrative interface, arising from handling of various user-supplied inputs. The issue is documented across multiple sources as a vulnerability in WS_FTP Server versions before 8.8.5. A remediation action is to ...
Progress WS_FTP Server < 8.7.6, 8.8.x < 8.8.4 Arbitrary File Upload
The remote host is running a version of WSFTP earlier than 8.7.6 or 8.8.x prior to 8.8.4. It is, therefore, affected by an arbitrary file upload vulnerability in the Ad Hoc Transfer Mode module. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload...
WS_FTP Server 5.0.5 Denial Of Service
!/usr/bin/perl use IO::Socket::INET; Exploit Title: WSFTP Server 5.0.5 - Denied of Service DoS Discovery by: Fernando Mengali Discovery Date: 30 january 2024 Vendor Homepage: N/A Notification vendor: No reported Tested Version: 5.0.5 Tested on: Window XP Professional - Service Pack 2 and 3 -...
WS_FTP Server Remote Code Execution
In WSFTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WSFTP Server operating system. No source data...
CVE-2023-42659
In WSFTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WSFTP Serve...
Unrestricted file upload
In WSFTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WSFTP Serve...
CVE-2023-42659
The CVE concerns Progress WS_FTP Server. Versions prior to 8.7.6 and 8.8.4 are affected by an unrestricted file upload flaw in the Ad Hoc Transfer module: an authenticated Ad Hoc Transfer user can craft an API call to upload a file to a location on the host OS running WS_FTP Server. Documented im...
CVE-2023-42659 WS_FTP Server Arbitrary File Upload
In WSFTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WSFTP Serve...
Progress WS_FTP Server < 8.7.4, 8.8.0 < 8.8.2 Multiple Vulnerabilities
The remote host is running a version of WSFTP earlier than 8.7.4 or 8.8.0 prior to 8.8.2. Such versions are reportedly affected by multiple vulnerabilities : - A pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands...
Progress WS_FTP Server < 8.8.2 Multiple Vulnerabilities
The remote host is running a version of WSFTP earlier than to 8.8.2. Such versions are reportedly affected by multiple vulnerabilities : - A stored cross-site scripting XSS vulnerability exists in WSFTP Server's Management module. An attacker with administrative privileges could import a SSL...
Critical Vulnerabilities in WS_FTP Server
On September 27, 2023, Progress Software published a security advisory on multiple vulnerabilities affecting WSFTP Server, a secure file transfer solution. There are a number of vulnerabilities in the advisory, two of which are critical CVE-2023-40044 and CVE-2023-42657. Our research team has...
Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server
Progress Software has released hotfixes for a critical security vulnerability, alongside seven other flaws, in the WSFTP Server Ad hoc Transfer Module and in the WSFTP Server manager interface. Tracked as CVE-2023-40044, the flaw has a CVSS score of 10.0, indicating maximum severity. All versions...