Vastgota-Data ProVide Injection Vulnerability

Vastgota-Data ProVide is a file transfer server with a graphical user interface from Vastgota-Data, Sweden. An injection vulnerability exists in /ajax/GetInheritedProperties in Vastgota-Data ProVide 13.1 and earlier versions. The vulnerability arises from a lack of proper validation of user input...

CVE-2020-11703

An issue was discovered in ProVide formerly zFTPServer through 13.1. /ajax/GetInheritedProperties allows HTTP Response Splitting via the language parameter...

CVE-2020-11704

An issue was discovered in ProVide formerly zFTPServer through 13.1. The Admin Web Interface has Multiple Stored and Reflected XSS. GetInheritedProperties is Reflected via the groups parameter. GetUserInfo is Reflected via POST data. SetUserInfo is Stored via the general parameter...

Design/Logic Flaw

An issue was discovered in ProVide formerly zFTPServer through 13.1. /ajax/GetInheritedProperties allows HTTP Response Splitting via the language parameter...

CVE-2020-11703

CVE-2020-11703 describes an HTTP Response Splitting vulnerability in ProVide (formerly zFTPServer) up to version 13.1, exploitable via /ajax/GetInheritedProperties with the language parameter. The issue arises from insufficient input handling allowing CRLF-based splitting during response construc...