CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

An issue was discovered in ProVide formerly zFTPServer through 13.1. It doesn't enforce permission over Windows Symlinks or Junctions. As a result, a low-privileged user non-admin can craft a Junction Link in a directory he has full control of, breaking out of the sandbox...

8.8CVSS6.9AI score0.00359EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 4:10 p.m.•5 views

CVE-2020-11705

An issue was discovered in ProVide formerly zFTPServer through 13.1. /ajax/ImportCertificate allows an attacker to load an arbitrary certificate in .pfx format or overwrite arbitrary files via the fileName parameter...

9.8CVSS7AI score0.00328EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 3:49 p.m.•4 views

CVE-2020-11708

An issue was discovered in ProVide formerly zFTPServer through 13.1. Privilege escalation can occur via the /ajax/SetUserInfo messages parameter because of the EXECUTE feature, which is for executing programs when certain events are triggered...

9.8CVSS7.3AI score0.0042EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by