WS FTP Server 5.0.5 Denial of Service
WS FTP Server version 5.0.5 proof of concept denial of service exploit that leverages a flaw found by Fernando Mengali in 2024. Title: WS FTP Server 5.0...
CVE-2024-9999 Multi-Factor Authentication Bypass in Progress WS_FTP Server
In WSFTP Server versions before 8.8.9 (2022.0.9), an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only...
CVE-2024-7745
In WSFTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only...
Progress Software WS_FTP Server Security Vulnerability
Progress Software WSFTP Server is an effective and highly manageable FTP server from Progress Software, USA. A security vulnerability exists in Progress Software WSFTP Server versions prior to 8.8.5 that stems from the presence of a cross-site scripting vulnerability...
CVE-2023-42659
In WSFTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WSFTP Serve...
PT-2023-28488 · Ipswitch · Ws Ftp Server
Name of the Vulnerable Software and Affected Versions: WS FTP Server versions prior to 8.7.6; WS FTP Server versions prior to 8.8.4. Description: An issue has been identified in WS FTP Server where an authenticated Ad Hoc Transfer user can upload a file to a specified location on the underlying...
Exploit for Deserialization of Untrusted Data in Progress Ws_Ftp_Server
WSFTP-CVE-2023-40044 Repository with everything I have track...
CVE-2023-40046
In WSFTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WSFTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements...
CVE-2023-40044
In WSFTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WSFTP Server operating system...
CVE-2023-40045
In WSFTP Server versions prior to 8.7.4 and 8.8.2, a reflected cross-site scripting (XSS) vulnerability exists in WSFTP Server's Ad Hoc Transfer module. An attacker could leverage this vulnerability to target WSFTP Server users with a specialized payload which results in the execution of malicious...
PT-2023-6101 · Ipswitch · Ws Ftp Server
Name of the Vulnerable Software and Affected Versions: WS FTP Server versions 8.7.0 through 8.7.3; WS FTP Server versions 8.8.0 through 8.8.1. Description: A reflected cross-site scripting (XSS) vulnerability exists in WS FTP Server's Ad Hoc Transfer module. This vulnerability can be leveraged by an...
PT-2023-27235 · Ipswitch · Ws Ftp Server
Name of the Vulnerable Software and Affected Versions: WS FTP Server versions prior to 8.8.2. Description: An unauthenticated user could enumerate files under the 'WebServiceHost' directory listing. Recommendations: For WS FTP Server versions prior to 8.8.2, update to version 8.8.2 or later to...
PT-2023-6494 · Ipswitch · Ws Ftp Server
Name of the Vulnerable Software and Affected Versions: WS FTP Server versions prior to 8.7.4; WS FTP Server versions prior to 8.8.2. Description: A SQL injection vulnerability exists in the WS FTP Server manager interface. An attacker may be able to infer information about the structure and content...
WS_FTP Server SQL Injection Vulnerability
Progress Software WSFTP Server is an effective and highly manageable FTP server from Progress Software, USA. A SQL injection vulnerability exists in WSFTP Server versions prior to 8.7.4, 8.8.2. An attacker exploiting this vulnerability is able to infer information about the structure and content ...
CVE-2022-27665
Reflected XSS via AngularJS sandbox escape expressions exists in Progress Ipswitch WSFTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add fold...
Progress ipswitch WS_FTP Server Cross-Site Scripting Vulnerability
Progress ipswitch WSFTP Server is an FTP server software. A security vulnerability exists in Progress ipswitch WSFTP Server version 8.6.0 that originates from improper handling of user-supplied input. An attacker could exploit the vulnerability to execute malicious code and commands on the client...
CVE-2023-24029
In Progress WSFTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows...
CVE-2022-36967
In Progress WSFTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. It is possible for a remote attacker to inject arbitrary JavaScript into a WSFTP administrator's web session. This would allow the attacker to...
PT-2022-23714 · Ipswitch · Ws Ftp Server
Name of the Vulnerable Software and Affected Versions: In Progress WS FTP Server versions prior to 8.7.3. Description: The issue concerns forms within the administrative interface that did not include a nonce, which is used to mitigate the risk of cross-site request forgery (CSRF) attacks. CSRF...
CVE-2019-12145
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WSFTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose path names on the host operating system...