247 matches found
CVE-2023-40047 WS_FTP Server Stored Cross-Site Scripting Vulnerability
In WSFTP Server version prior to 8.8.2, a stored cross-site scripting XSS vulnerability exists in WSFTP Server's Management module. An attacker with administrative privileges could import a SSL certificate with malicious attributes containing cross-site scripting payloads. Once the cross-site...
CVE-2023-40046 WS_FTP Server SQL Injection via Administrative Interface
In WSFTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WSFTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements...
CVE-2023-40046 WS_FTP Server SQL Injection via Administrative Interface
In WSFTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WSFTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements...
CVE-2023-40046
CVE-2023-40046 affects Progress WS_FTP Server: SQL injection in the WS_FTP Server manager interface present in versions prior to 8.7.4 and 8.8.2. The vulnerability allows an attacker to infer database structure and contents and to execute SQL statements that can alter or delete database elements....
CVE-2023-40045 WS_FTP Server Ad Hoc Transfer Module Reflected Cross-Site Scripting Vulnerability
In WSFTP Server versions prior to 8.7.4 and 8.8.2, a reflected cross-site scripting XSS vulnerability exists in WSFTP Server's Ad Hoc Transfer module. An attacker could leverage this vulnerability to target WSFTP Server users with a specialized payload which results in the execution of malicious...
CVE-2023-40045 WS_FTP Server Ad Hoc Transfer Module Reflected Cross-Site Scripting Vulnerability
In WSFTP Server versions prior to 8.7.4 and 8.8.2, a reflected cross-site scripting XSS vulnerability exists in WSFTP Server's Ad Hoc Transfer module. An attacker could leverage this vulnerability to target WSFTP Server users with a specialized payload which results in the execution of malicious...
CVE-2023-40045
CVE-2023-40045 is a reflected cross-site scripting (XSS) vulnerability in WS_FTP Server’s Ad Hoc Transfer module, affecting versions prior to 8.7.4 and 8.8.2. The flaw allows an attacker to deliver a payload that executes malicious JavaScript in the victim’s browser. Root cause: lack of proper in...
CVE-2023-42657 WS_FTP Server Directory Traversal
In WSFTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations delete, rename, rmdir, mkdir on files and folders outside of their authorized WSFTP folder path. Attackers could also...
CVE-2023-42657 WS_FTP Server Directory Traversal
In WSFTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations delete, rename, rmdir, mkdir on files and folders outside of their authorized WSFTP folder path. Attackers could also...
CVE-2023-42657
CVE-2023-42657 affects Progress WS_FTP Server, in versions prior to 8.7.4 and 8.8.2. The vulnerability is a directory traversal flaw in the server’s file handling that allows an unauthenticated or less-privileged user to perform file operations (delete, rename, rmdir, mkdir) outside the designate...
CVE-2023-40044 WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Vulnerability
In WSFTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WSFTP Server operating system...
CVE-2023-40044
CVE-2023-40044 affects Progress Software WS_FTP Server, exploiting a deserialization flaw in the Ad Hoc Transfer module to achieve remote code execution. A pre-authenticated attacker can trigger this via the vulnerable .NET deserialization path in WS_FTP Server versions prior to 8.7.4 (and 8.8.2)...
CVE-2023-40044 WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Vulnerability
In WSFTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WSFTP Server operating system...
CVE-2023-40044
In WSFTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WSFTP Server operating system. Recent assessments: sfewer-r7 at October 02, 2023 8:11am UT...
CVE-2022-27665
Reflected XSS via AngularJS sandbox escape expressions exists in Progress Ipswitch WSFTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add fold...
CVE-2022-27665
Reflected XSS via AngularJS sandbox escape expressions exists in Progress Ipswitch WSFTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add fold...
CVE-2022-27665
Reflected XSS via AngularJS sandbox escape expressions exists in Progress Ipswitch WSFTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add fold...
CVE-2022-27665
Summary (CVE-2022-27665): Progress Ipswitch WS_FTP Server 8.6.0 is affected by a reflected XSS vulnerability via AngularJS sandbox escape expressions, allowing an attacker to trigger client-side code by submitting crafted input in the subdirectory search bar or Add folder filename fields. The iss...
CVE-2023-24029
In Progress WSFTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows...
Authorization
In Progress WSFTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows...