38 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2011-4635

Malware in sbrugna...

5.5 CVSS | 6.1 AI score | 0.01135 EPSS
Exploits 5 | References 4
RedhatCVE
added 2025/05/22 3:53 p.m. | 5 views

CVE-2020-11703

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/GetInheritedProperties allows HTTP Response Splitting via the language parameter...

7.5 CVSS | 7 AI score | 0.00441 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/05/22 4:31 a.m. | 4 views

CVE-2011-4717

Directory traversal vulnerability in zFTPServer Suite 6.0.0.52 allows remote authenticated users to delete arbitrary directories via a crafted RMD (aka rmdir) command...

5.5 CVSS | 6.5 AI score | 0.01135 EPSS
Exploits 5 | References 1
NVD
added 2020/04/12 3:15 a.m. | 8 views

CVE-2020-11706

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Interface allows CSRF for actions such as: Change any username and password, admin ones included; Create/Delete users; Enable/Disable Services; Set a rogue update proxy; and Shutdown the server...

8.8 CVSS | 8.7 AI score | 0.00216 EPSS
Exploits 1 | References 2
NVD
added 2020/04/12 3:15 a.m. | 8 views

CVE-2020-11708

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. Privilege escalation can occur via the /ajax/SetUserInfo messages parameter because of the EXECUTE feature, which is for executing programs when certain events are triggered...

9.8 CVSS | 9.7 AI score | 0.0042 EPSS
Exploits 0 | References 2
OSV
added 2020/04/12 3:15 a.m. | 0 views

CVE-2020-11705

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/ImportCertificate allows an attacker to load an arbitrary certificate in .pfx format or overwrite arbitrary files via the fileName parameter...

9.8 CVSS | 7.4 AI score | 0.00328 EPSS
Exploits 1 | References 2
NVD
added 2020/04/12 3:15 a.m. | 9 views

CVE-2020-11705

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/ImportCertificate allows an attacker to load an arbitrary certificate in .pfx format or overwrite arbitrary files via the fileName parameter...

9.8 CVSS | 9.4 AI score | 0.00328 EPSS
Exploits 1 | References 2
NVD
added 2020/04/12 3:15 a.m. | 7 views

CVE-2020-11707

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. It doesn't enforce permission over Windows Symlinks or Junctions. As a result, a low-privileged user (non-admin) can craft a Junction Link in a directory he has full control of, breaking out of the sandbox...

8.8 CVSS | 8.7 AI score | 0.00359 EPSS
Exploits 1 | References 2
NVD
added 2020/04/12 3:15 a.m. | 7 views

CVE-2020-11702

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The User Web Interface has Multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collaborate is Stored via the displayname parameter. Deletemultiple is Reflected via the files parameter...

6.1 CVSS | 6 AI score | 0.00421 EPSS
Exploits 1 | References 2
Prion
added 2020/04/12 3:15 a.m. | 8 views

Format string

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/ImportCertificate allows an attacker to load an arbitrary certificate in .pfx format or overwrite arbitrary files via the fileName parameter...

7.5 CVSS | 9.3 AI score | 0.00328 EPSS
Exploits 1 | References 2 | Affected Software 1
Prion
added 2020/04/12 3:15 a.m. | 9 views

Cross site scripting

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The User Web Interface has Multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collaborate is Stored via the displayname parameter. Deletemultiple is Reflected via the files parameter...

4.3 CVSS | 5.9 AI score | 0.00421 EPSS
Exploits 1 | References 2 | Affected Software 1
Prion
added 2020/04/12 3:15 a.m. | 8 views

Cross site scripting

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Web Interface has Multiple Stored and Reflected XSS. GetInheritedProperties is Reflected via the groups parameter. GetUserInfo is Reflected via POST data. SetUserInfo is Stored via the general parameter...

4.3 CVSS | 6.2 AI score | 0.00421 EPSS
Exploits 1 | References 2 | Affected Software 1
Prion
added 2020/04/12 3:15 a.m. | 10 views

Privilege escalation

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. Privilege escalation can occur via the /ajax/SetUserInfo messages parameter because of the EXECUTE feature, which is for executing programs when certain events are triggered...

7.5 CVSS | 9.6 AI score | 0.0042 EPSS
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2020/04/12 2:44 a.m. | 13 views

CVE-2020-11701

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. CSRF exists in the User Web Interface, as demonstrated by granting filesystem access to the public for uploading and deleting files and directories...

8.7 AI score | 0.00216 EPSS
Exploits 1 | References 2
CVE
added 2020/04/12 2:44 a.m. | 90 views

CVE-2020-11701

ProVide (formerly zFTPServer) up to version 13.1 contains a CSRF vulnerability in the User Web Interface that allows an attacker to grant filesystem access to the public for uploading and deleting files and directories. The issue is described across multiple sources (NVD entry CVE-2020-11701 and ...

8.8 CVSS | 8.6 AI score | 0.00216 EPSS
Exploits 1 | References 2 | Affected Software 1
CVE
added 2020/04/12 2:44 a.m. | 95 views

CVE-2020-11702

The CVE-2020-11702 entry affects ProVide (formerly zFTPServer) up to version 13.1, specifically its User Web Interface. The vulnerability consists of multiple stored and reflected cross-site scripting (XSS) flaws. Details from connected sources specify: Collaborate module: reflected via the filen...

6.1 CVSS | 5.9 AI score | 0.00421 EPSS
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2020/04/12 2:44 a.m. | 11 views

CVE-2020-11702

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The User Web Interface has Multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collaborate is Stored via the displayname parameter. Deletemultiple is Reflected via the files parameter...

6 AI score | 0.00421 EPSS
Exploits 1 | References 2
CVE
added 2020/04/12 2:43 a.m. | 93 views

CVE-2020-11704

ProVide (formerly zFTPServer) Admin Web Interface up to version 13.1 is affected by multiple Cross-Site Scripting (XSS) issues described as stored and reflected XSS. GetInheritedProperties is reflected via the groups parameter; GetUserInfo is reflected via POST data; SetUserInfo is stored via the...

6.1 CVSS | 6.2 AI score | 0.00421 EPSS
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2020/04/12 2:43 a.m. | 9 views

CVE-2020-11704

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Web Interface has Multiple Stored and Reflected XSS. GetInheritedProperties is Reflected via the groups parameter. GetUserInfo is Reflected via POST data. SetUserInfo is Stored via the general parameter...

6.3 AI score | 0.00421 EPSS
Exploits 1 | References 2
CVE
added 2020/04/12 2:43 a.m. | 97 views

CVE-2020-11705

The CVE-2020-11705 issue affects ProVide (formerly zFTPServer)

9.8 CVSS | 9.3 AI score | 0.00328 EPSS
Exploits 1 | References 2 | Affected Software 1