Lucene search
K

10 matches found

CISA
CISA
added 2023/10/05 12:0 p.m.21 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2023-40044 Progress WSFTP Server Deserialization of Untrusted Data Vulnerability CVE-2023-42824 Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability...

10CVSS9.1AI score0.99156EPSS
In wildExploits44References8
Metasploit
Metasploit
added 2023/10/04 7:50 p.m.435 views

Progress Software WS_FTP Unauthenticated Remote Code Execution

This module exploits an unsafe .NET deserialization vulnerability to achieve unauthenticated remote code execution against a vulnerable WSFTP server running the Ad Hoc Transfer module. All versions of WSFTP Server prior to 2020.0.4 version 8.7.4 and 2022.0.2 version 8.8.2 are vulnerable to this...

10CVSS9AI score0.9015EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/10/04 12:0 a.m.463 views

Progress Software WS_FTP Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Progress Software WSFTP Unauthenticated Remote Code Execution', 'Description' = %q This module exploits an unsafe .NET deserialization...

10CVSS7.1AI score0.9015EPSS
Exploits5
0day.today
0day.today
added 2023/10/04 12:0 a.m.394 views

Progress Software WS_FTP Unauthenticated Remote Code Execution Exploit

This Metasploit module exploits an unsafe .NET deserialization vulnerability to achieve unauthenticated remote code execution against a vulnerable WSFTP server running the Ad Hoc Transfer module. All versions of WSFTP Server prior to 2020.0.4 version 8.7.4 and 2022.0.2 version 8.8.2 are vulnerabl...

10CVSS8.1AI score0.9015EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2023/10/04 12:0 a.m.55 views

Progress WS_FTP Server < 8.7.4, 8.8.0 < 8.8.2 Multiple Vulnerabilities

The remote host is running a version of WSFTP earlier than 8.7.4 or 8.8.0 prior to 8.8.2. Such versions are reportedly affected by multiple vulnerabilities : - A pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands...

10CVSS8AI score0.9015EPSS
Exploits6References6
GithubExploit
GithubExploit
added 2023/10/02 2:55 p.m.723 views

Exploit for Deserialization of Untrusted Data in Progress Ws_Ftp_Server

WSFTP-CVE-2023-40044 Repository with everything I have track...

10CVSS9.4AI score0.9015EPSS
Exploits5
Circl
Circl
added 2023/09/29 8:31 a.m.26 views

CVE-2023-40044

creationtimestamp| type| source ---|---|--- 2023-09-29 08:31:16+00:00| seen| https://t.me/thehackernews/3938 2023-09-29 09:43:11+00:00| seen| https://t.me/KomunitiSiber/861 2023-09-29 09:57:03+00:00| seen| Telegram/coCViSpTdBJIO6f5nGTY2jkmcohpMEICdIU3s8ly80oqRQ 2023-09-29 11:44:51+00:00| seen|...

10CVSS7.5AI score0.9015EPSS
Exploits5References26
The Hacker News
The Hacker News
added 2023/09/29 6:15 a.m.78 views

Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server

Progress Software has released hotfixes for a critical security vulnerability, alongside seven other flaws, in the WSFTP Server Ad hoc Transfer Module and in the WSFTP Server manager interface. Tracked as CVE-2023-40044, the flaw has a CVSS score of 10.0, indicating maximum severity. All versions...

10CVSS9.3AI score0.9015EPSS
Exploits6
Vulnrichment
Vulnrichment
added 2023/09/27 2:48 p.m.12 views

CVE-2023-40044 WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Vulnerability

In WSFTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WSFTP Server operating system...

10CVSS9.6AI score0.9015EPSS
Exploits5References8
CVE
CVE
added 2023/09/27 2:48 p.m.450 views

CVE-2023-40044

CVE-2023-40044 affects Progress Software WS_FTP Server, exploiting a deserialization flaw in the Ad Hoc Transfer module to achieve remote code execution. A pre-authenticated attacker can trigger this via the vulnerable .NET deserialization path in WS_FTP Server versions prior to 8.7.4 (and 8.8.2)...

10CVSS9.3AI score0.9015EPSS
In wildExploits5References9Affected Software1
Rows per page
Query Builder