2 matches found
Design/Logic Flaw
cgi/surgeftpmgr.cgi aka the Web Manager interface on TCP port 7021 or 9021 in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter...
CVE-2001-1356
NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021...