PT-2024-27454 · Unknown · Woocommerce +1

Name of the Vulnerable Software and Affected Versions: WooCommerce versions 8.8 through 8.8.4 WooCommerce versions 8.9 through 8.9.2 Description: A cross-site scripting vulnerability in WooCommerce allows a bad actor to manipulate a link to include malicious HTML and JavaScript content. The...

Progress WS_FTP Server < 8.7.6, 8.8.x < 8.8.4 Arbitrary File Upload

The remote host is running a version of WSFTP earlier than 8.7.6 or 8.8.x prior to 8.8.4. It is, therefore, affected by an arbitrary file upload vulnerability in the Ad Hoc Transfer Mode module. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload...

CVE-2023-42659

In WSFTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WSFTP Serve...

PT-2023-28488 · Ipswitch · Ws Ftp Server

Name of the Vulnerable Software and Affected Versions: WS FTP Server versions prior to 8.7.6 WS FTP Server versions prior to 8.8.4 Description: An issue has been identified in WS FTP Server where an authenticated Ad Hoc Transfer user can upload a file to a specified location on the underlying...