Lucene search
K

247 matches found

Vulnrichment
Vulnrichment
added 2023/09/27 2:50 p.m.22 views

CVE-2023-40047 WS_FTP Server Stored Cross-Site Scripting Vulnerability

In WSFTP Server version prior to 8.8.2, a stored cross-site scripting XSS vulnerability exists in WSFTP Server's Management module. An attacker with administrative privileges could import a SSL certificate with malicious attributes containing cross-site scripting payloads. Once the cross-site...

8.3CVSS5.4AI score0.00409EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/09/27 2:50 p.m.33 views

CVE-2023-40046 WS_FTP Server SQL Injection via Administrative Interface

In WSFTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WSFTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements...

8.2CVSS9.2AI score0.00854EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/09/27 2:50 p.m.15 views

CVE-2023-40046 WS_FTP Server SQL Injection via Administrative Interface

In WSFTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WSFTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements...

8.2CVSS7.4AI score0.00854EPSS
Exploits0References2
CVE
CVE
added 2023/09/27 2:50 p.m.49 views

CVE-2023-40046

CVE-2023-40046 affects Progress WS_FTP Server: SQL injection in the WS_FTP Server manager interface present in versions prior to 8.7.4 and 8.8.2. The vulnerability allows an attacker to infer database structure and contents and to execute SQL statements that can alter or delete database elements....

8.2CVSS7.6AI score0.00854EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/09/27 2:49 p.m.27 views

CVE-2023-40045 WS_FTP Server Ad Hoc Transfer Module Reflected Cross-Site Scripting Vulnerability

In WSFTP Server versions prior to 8.7.4 and 8.8.2, a reflected cross-site scripting XSS vulnerability exists in WSFTP Server's Ad Hoc Transfer module. An attacker could leverage this vulnerability to target WSFTP Server users with a specialized payload which results in the execution of malicious...

8.3CVSS8.1AI score0.00895EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/09/27 2:49 p.m.18 views

CVE-2023-40045 WS_FTP Server Ad Hoc Transfer Module Reflected Cross-Site Scripting Vulnerability

In WSFTP Server versions prior to 8.7.4 and 8.8.2, a reflected cross-site scripting XSS vulnerability exists in WSFTP Server's Ad Hoc Transfer module. An attacker could leverage this vulnerability to target WSFTP Server users with a specialized payload which results in the execution of malicious...

8.3CVSS5.6AI score0.00895EPSS
Exploits0References2
CVE
CVE
added 2023/09/27 2:49 p.m.49 views

CVE-2023-40045

CVE-2023-40045 is a reflected cross-site scripting (XSS) vulnerability in WS_FTP Server’s Ad Hoc Transfer module, affecting versions prior to 8.7.4 and 8.8.2. The flaw allows an attacker to deliver a payload that executes malicious JavaScript in the victim’s browser. Root cause: lack of proper in...

8.3CVSS6.4AI score0.00895EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/27 2:49 p.m.16 views

CVE-2023-42657 WS_FTP Server Directory Traversal

In WSFTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations delete, rename, rmdir, mkdir on files and folders outside of their authorized WSFTP folder path. Attackers could also...

9.9CVSS6.7AI score0.17025EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/09/27 2:49 p.m.19 views

CVE-2023-42657 WS_FTP Server Directory Traversal

In WSFTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations delete, rename, rmdir, mkdir on files and folders outside of their authorized WSFTP folder path. Attackers could also...

9.9CVSS9.6AI score0.17025EPSS
Exploits0References2
CVE
CVE
added 2023/09/27 2:49 p.m.71 views

CVE-2023-42657

CVE-2023-42657 affects Progress WS_FTP Server, in versions prior to 8.7.4 and 8.8.2. The vulnerability is a directory traversal flaw in the server’s file handling that allows an unauthenticated or less-privileged user to perform file operations (delete, rename, rmdir, mkdir) outside the designate...

9.9CVSS9AI score0.17025EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/27 2:48 p.m.12 views

CVE-2023-40044 WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Vulnerability

In WSFTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WSFTP Server operating system...

10CVSS9.6AI score0.9015EPSS
Exploits5References8
CVE
CVE
added 2023/09/27 2:48 p.m.450 views

CVE-2023-40044

CVE-2023-40044 affects Progress Software WS_FTP Server, exploiting a deserialization flaw in the Ad Hoc Transfer module to achieve remote code execution. A pre-authenticated attacker can trigger this via the vulnerable .NET deserialization path in WS_FTP Server versions prior to 8.7.4 (and 8.8.2)...

10CVSS9.3AI score0.9015EPSS
In wildExploits5References9Affected Software1
Cvelist
Cvelist
added 2023/09/27 2:48 p.m.49 views

CVE-2023-40044 WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Vulnerability

In WSFTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WSFTP Server operating system...

10CVSS9.8AI score0.9015EPSS
Exploits5References8
ATTACKERKB
ATTACKERKB
added 2023/09/27 12:0 a.m.55 views

CVE-2023-40044

In WSFTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WSFTP Server operating system. Recent assessments: sfewer-r7 at October 02, 2023 8:11am UT...

10CVSS9.4AI score0.9015EPSS
In wildExploits5References10
NVD
NVD
added 2023/04/03 2:15 p.m.44 views

CVE-2022-27665

Reflected XSS via AngularJS sandbox escape expressions exists in Progress Ipswitch WSFTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add fold...

6.1CVSS7AI score0.33112EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/04/03 12:0 a.m.15 views

CVE-2022-27665

Reflected XSS via AngularJS sandbox escape expressions exists in Progress Ipswitch WSFTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add fold...

7.1AI score0.33112EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/04/03 12:0 a.m.51 views

CVE-2022-27665

Reflected XSS via AngularJS sandbox escape expressions exists in Progress Ipswitch WSFTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add fold...

7.2AI score0.33112EPSS
Exploits1References3
CVE
CVE
added 2023/04/03 12:0 a.m.79 views

CVE-2022-27665

Summary (CVE-2022-27665): Progress Ipswitch WS_FTP Server 8.6.0 is affected by a reflected XSS vulnerability via AngularJS sandbox escape expressions, allowing an attacker to trigger client-side code by submitting crafted input in the subdirectory search bar or Add folder filename fields. The iss...

6.1CVSS7.2AI score0.33112EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2023/02/03 9:15 p.m.16 views

CVE-2023-24029

In Progress WSFTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows...

7.2CVSS7AI score0.00887EPSS
Exploits0References2
Prion
Prion
added 2023/02/03 9:15 p.m.17 views

Authorization

In Progress WSFTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows...

5.8CVSS6.9AI score0.00887EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder