3 matches found
CVE-2019-16116
CVE-2019-16116 affects EnterpriseDT CompleteFTP Server prior to version 12.1.3, where the Bootstrap.log file could leak the administrator password hash. Public sources describe a path where installation logging obscures the password, enabling an attacker to obtain credentials if remote administra...
CVE-2019-16864
Affected product: EnterpriseDT CompleteFTP Server. Vulnerable if running CompleteFTP before 12.1.4; RCE via SSH: CompleteFTPService.exe executes the attacker’s command as SYSTEM, triggered by a Windows user with SSH access. Impact: remote code execution without user interaction. Remediation: upgr...
CVE-2022-2560
CVE-2022-2560 affects EnterpriseDT CompleteFTP Server (version 22.1.0) with a flaw in the HttpFile class that fails to validate a user-supplied path before file operations. This allows remote attackers to delete arbitrary files with SYSTEM privileges and no authentication. Multiple connected sour...