13 matches found
CVE-2019-12144
CVE-2019-12144 affects Progress IPSwitch WS_FTP Server 2018 (before 8.6.1). The issue is in SSHServerAPI.dll and enables path traversal via SCP, with potential remote code execution by crafting a payload that abuses the SITE command feature. Multiple connected sources (NVD entry, CNVD entry, PRIO...
CVE-2019-12146
CVE-2019-12146 affects Progress Ipswitch WS_FTP Server 2018 before 8.6.1. Vulnerable component: SSHServerAPI.dll; SCP listener flaw allows crafted strings to write files and create directories outside the authorized directory. Attack surface is network-exposed; impact includes potential unauthori...
CVE-2019-12145
CVE-2019-12145 affects Progress IPSwitch WS_FTP Server 2018 up to version 8.6.0. The flaw resides in SSHServerAPI.dll, allowing a directory-traversal via crafted strings sent over SCP, enabling an attacker to disclose pathnames on the host operating system. The vulnerability is a path-disclosure ...
CVE-2004-1135
CVE-2004-1135 affects Ipswitch WS_FTP Server 5.03. A buffer overflow in the MKD (and related) FTP commands can crash the service (DoS) and, per advisories, may allow code execution with SYSTEM privileges. Exploit activity is documented (Metasploit module for WS_FTP 5.03 MKD overflow; MITRE CVE en...
CVE-2004-1848
Ipswitch WS_FTP Server 4.0.2 is affected by a remote denial-of-service vulnerability involving a REST command with an oversized size argument, followed by a STOR of a smaller file, which can cause disk consumption and bypass file-size restrictions. The issue is documented under CVE-2004-1848; rel...
CVE-2006-4847
Ipswitch WS_FTP Server 5.05 has buffer overflows in the FTP commands XCRC, XSHA1 and XMD5 that can be exploited by an authenticated remote user to execute arbitrary code or cause a denial of service. Public exploit code exists (e.g., Metasploit modules for 5.05 XMD5/XCRC) and the recommended reme...
CVE-2004-1884
CVE-2004-1884 affects Ipswitch WS_FTP Server 4.0.2. The vulnerability is a backdoor: the XXSESS_MGRYY user with a default password can enable remote access, with partial confidentiality/integrity/availability impact as indicated by CVSS base vector AV:N/AC:L/Au:N/C:P/I:P/A:P. Public reference...
CVE-1999-0362
The CVE is for WS_FTP Server DoS via the CWD command. Affected software is WS_FTP Server; vulnerability arises when a CWD command with a long argument crashes the service, leading to a denial of service (availability impact). Public references describe this as a remote DoS issue with the CWD hand...
CVE-2006-5000
Ipswitch WS_FTP Server is affected: versions 5.0 through 5.05 before Hotfix 1 contain buffer overflows in the parsing of long arguments to XCRC, XMD5, and XSHA1 commands, leading to a stack overflow. The ZDI advisory notes remote code execution possible with valid or anonymous credentials; vendor...
CVE-2003-0772
WS_FTP 3 and 4 are affected by multiple buffer overflows triggered by long APPE (append) or STAT (status) arguments, enabling remote authenticated users to cause a denial of service and potentially execute arbitrary code. Affected software: WS_FTP versions 3 and 4. Root cause: buffer overflows in...
CVE-2006-4974
CVE-2006-4974 affects Ipswitch WS_FTP Limited Edition 5.08. A buffer overflow in the FTP server’s handling of PASV responses allows a remote attacker to execute arbitrary code. The advisory states remote code execution is possible via a long PASV reply, signaling a high-severity, network-exposed ...
CVE-2007-0666
Ipswitch WS_FTP Server 5.04 is affected by CVE-2007-0666. A long input string to the iFTPAddU or iFTPAddH file, or to an edition module, triggers arbitrary code execution on the server due to improper input handling. The connected sources identify the affected component and the root cause (input h...
CVE-2006-5001
WS_FTP Server (Ipswitch). Vulnerable: versions prior to 5.05 Hotfix 1. The log analyzer fails to display certain sensitive information in the Files and Summary tabs. Root cause details are not provided in the connected docs. Remediation: apply 5.05 Hotfix 1 to resolve the issue.