5 matches found
CVE-2012-10028
Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests to surgeftpmgr.cgi. This can lead to full remote code execution on the underlying system...
NetWin SurgeFTP - (Authenticated) Admin Command Injection (Metasploit)
NetWin SurgeFTP - Authenticated Admin Command Injection Metasploit require 'msf/core' class Metasploit3 'SurgeFTP Remote Command Execution', 'Description' = %q This module exploits a flaw in the SurgeFTP server's web-based administrative console to execute arbitrary commands. , 'Author' = 'Spencer...
Surge-FTP 23b6 Cross Site Scripting
Exploit Title : Surge-FTP v23b6 Admin multiple reflected XSS Vulnerabilities Authored by : Houssam Sahli = backtronuxgmailcom Date : 16/08/2011 Vendor: NetWin Product web page: http://netwinsite.com download link : http://netwinsite.com/ftp/surgeftp/surgeftp23b6windows.exe Affected version: v23b6...
SurgeFTP 'surgeftpmgr.cgi' Multiple Cross Site Scripting Vulnerabilities
SurgeFTP is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right...
CVE-2004-2318
The CVE-2004-2318 vulnerability affects SurgeFTP Server versions 1.0b to 2.2k1 and is triggered through the administrative interface, surgeftpmgr.cgi. A crafted request containing two percent (%) signs in the CMD parameter can cause a crash, resulting in a temporary denial of service. The availab...