Progress Ws Ftp Server

28 matches found

CVE
added 2023/09/27 2:48 p.m. | 447 views

CVE-2023-40044

CVE-2023-40044 is a .NET deserialization flaw in the Ad Hoc Transfer module of Progress Software WS_FTP Server that allows remote code execution. A pre-authenticated attacker can trigger it through the vulnerable deserialization path in WS_FTP Server versions prior to 8.7.4 (and 8.8.2)...

CVSS 10 | AI score 9.3 | EPSS 0.9015
In wild | Web

CVE
added 2019/06/11 8:54 p.m. | 102 views

CVE-2019-12143

CVE-2019-12143 affects Progress IPswitch WS_FTP Server (Windows) prior to 8.6.1. The vulnerability is a directory traversal in SSHServerAPI.dll that an attacker can trigger via SCP protocol by supplying specially crafted strings to disclose WS_FTP usernames and filenames. The issue impacts the SC...

CVSS 5.3 | AI score 5.2 | EPSS 0.01991

CVE
added 2023/11/07 3:13 p.m. | 92 views

CVE-2023-42659

The CVE concerns Progress WS_FTP Server. Versions prior to 8.7.6 and 8.8.4 are affected by an unrestricted file upload flaw in the Ad Hoc Transfer module: an authenticated Ad Hoc Transfer user can craft an API call to upload a file to a location on the host OS running WS_FTP Server. Documented im...

CVSS 9.1 | AI score 9 | EPSS 0.00896

CVE
added 2024/02/21 3:33 p.m. | 79 views

CVE-2024-1474

WS_FTP Server prior to 8.8.5 is affected by reflected cross-site scripting in the administrative interface, arising from handling of various user-supplied inputs. The issue is documented across multiple sources as a vulnerability in WS_FTP Server versions before 8.8.5. A remediation action is to ...

CVSS 7.5 | AI score 7.5 | EPSS 0.0045

CVE
added 2024/08/28 4:30 p.m. | 78 views

CVE-2024-7744

CVE-2024-7744 affects Progress WS_FTP Server prior to 8.8.8 (2022.0.8). The flaw is a Path Traversal in the Web Transfer Module that enables file discovery, probing system files, and user-controlled filename manipulation; additionally, an authenticated API call can download a file from an arbitra...

CVSS 6.5 | AI score 6.7 | EPSS 0.00688

CVE
added 2023/04/03 12:00 a.m. | 77 views

CVE-2022-27665

Summary (CVE-2022-27665): Progress Ipswitch WS_FTP Server 8.6.0 is affected by a reflected XSS vulnerability via AngularJS sandbox escape expressions, allowing an attacker to trigger client-side code by submitting crafted input in the subdirectory search bar or Add folder filename fields. The iss...

CVSS 6.1 | AI score 7.2 | EPSS 0.33112
Web

CVE
added 2023/09/27 2:49 p.m. | 64 views

CVE-2023-42657

CVE-2023-42657 affects Progress WS_FTP Server, in versions prior to 8.7.4 and 8.8.2. The vulnerability is a directory traversal flaw in the server’s file handling that allows an unauthenticated or less-privileged user to perform file operations (delete, rename, rmdir, mkdir) outside the designate...

CVSS 9.9 | AI score 9 | EPSS 0.17025

CVE
added 2001/09/12 4:00 a.m. | 60 views

CVE-1999-1171

IPswitch WS_FTP contains a local privilege escalation flaw: by setting the flags registry key to 1920, a local user can gain additional privileges and modify or add mail accounts. The PT-1999-1600 entry confirms this issue but does not specify affected versions, and the original CVE description m...

CVSS 4.6 | AI score 7 | EPSS 0.0489

CVE
added 2005/05/10 4:00 a.m. | 59 views

CVE-2004-1848

Ipswitch WS_FTP Server 4.0.2 is affected by a remote denial-of-service vulnerability involving a REST command with an oversized size argument, followed by a STOR of a smaller file, which can cause disk consumption and bypass file-size restrictions. The issue is documented under CVE-2004-1848; rel...

CVSS 5 | AI score 6.7 | EPSS 0.08085

CVE
added 2024/08/28 4:31 p.m. | 58 views

CVE-2024-7745

The CVE-2024-7745 issue affects Progress WS_FTP Server older than 8.8.8 (2022.0.8): a Missing Critical Step in the Web Transfer Module’s Multi-Factor Authentication allows bypass of second-factor verification, enabling login with only username and password. Impact is user authentication bypass, w...

CVSS 8.1 | AI score 7 | EPSS 0.00365

CVE
added 2006/09/19 1:00 a.m. | 57 views

CVE-2006-4847

Ipswitch WS_FTP Server 5.05 has buffer overflows in the FTP commands XCRC, XSHA1 and XMD5 that can be exploited by an authenticated remote user to execute arbitrary code or cause a denial of service. Public exploit code exists (e.g., Metasploit modules for 5.05 XMD5/XCRC) and the recommended reme...

CVSS 6.5 | AI score 7.3 | EPSS 0.85213

CVE
added 2005/05/10 4:00 a.m. | 55 views

CVE-2004-1884

CVE-2004-1884 affects Ipswitch WS_FTP Server 4.0.2. The vulnerability is a backdoor: the XXSESS_MGRYY user with a default password can enable remote access, enabling partial confidentiality/integrity/availability impact as indicated by CVSS base vector AV:N/AC:L/Au:N/C:P/I:P/A:P. Public reference...

CVSS 7.5 | AI score 6.9 | EPSS 0.05805

CVE
added 2005/05/10 4:00 a.m. | 55 views

CVE-2004-1885

WS_FTP Server 4.0.2 is affected by CVE-2004-1885. The vulnerability allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify iFtpSvc options processed by iftpmgr.exe. This is a local/remote code-execution style impact described in the records, ...

CVSS 7.2 | AI score 7.2 | EPSS 0.03517

CVE
added 2023/09/27 2:50 p.m. | 53 views

CVE-2023-40047

WS_FTP Server versions prior to 8.8.2 are affected by a stored XSS in the Management module. An administrator could import an SSL certificate with malicious attributes that stores an XSS payload, enabling execution of JavaScript in the admin’s browser. Remediation per vendor guidance is to update...

CVSS 8.3 | AI score 5.8 | EPSS 0.00409

CVE
added 2001/09/12 4:00 a.m. | 52 views

CVE-1999-1170

IPswitch IMail vulnerability enables local privilege escalation by setting the registry key flags to 1920. The issue allows a local user to gain additional privileges and modify or add mail accounts, by manipulating the flags value in the registry. Affected versions are not specified in the provi...

CVSS 4.6 | AI score 7 | EPSS 0.03682

CVE
added 2005/02/20 5:00 a.m. | 51 views

CVE-2004-1643

CVE-2004-1643 affects WS_FTP Server (WS_FTP Server 5.0.2). The vulnerability allows remote authenticated users to cause a denial of service by issuing a CD command with an invalid path containing a "../" sequence, leading to CPU consumption. Public sources consistently describe remote DoS due to ...

CVSS 5 | AI score 6.3 | EPSS 0.07502

CVE
added 2002/02/02 5:00 a.m. | 49 views

CVE-2001-1021

WS_FTP Server (Ipswitch) before version 2.0.3 is affected by a buffer overflow vulnerability (CVE-2001-1021) that can be triggered by long arguments to multiple FTP commands (DELE, MDTM, MLST, MKD, RMD, RNFR, RNTO, SIZE, STAT, XMKD, XRMD). The connected OpenVAS/Nessus entries corroborate a remote...

CVSS 7.5 | AI score 7.7 | EPSS 0.42141

CVE
added 2006/09/26 8:00 p.m. | 49 views

CVE-2006-5000

Ipswitch WS_FTP Server is affected: versions 5.0 through 5.05 before Hotfix 1 contain buffer overflows in the parsing of long arguments to XCRC, XMD5, and XSHA1 commands, leading to a stack overflow. The ZDI advisory notes remote code execution possible with valid or anonymous credentials; vendor...

CVSS 6.5 | AI score 6.6 | EPSS 0.63838

CVE
added 2003/09/12 4:00 a.m. | 46 views

CVE-2003-0772

WS_FTP 3 and 4 are affected by multiple buffer overflows triggered by long APPE (append) or STAT (status) arguments, enabling remote authenticated users to cause a denial of service and potentially execute arbitrary code. Affected software: WS_FTP versions 3 and 4. Root cause: buffer overflows in...

CVSS 7.5 | AI score 8 | EPSS 0.72069

CVE
added 2005/05/10 4:00 a.m. | 46 views

CVE-2004-1883

The CVE-2004-1883 issue affects Ipswitch WS_FTP Server 4.0.2. It describes two buffer-overflow routes: (1) via a large error string generated by the ALLO handler that could let remote authenticated users execute arbitrary code, and (2) via a long hostname or username inserted into a reply to a ST...

CVSS 7.2 | AI score 7.5 | EPSS 0.05175

CVE
added 2023/02/03 12:00 a.m. | 46 views

CVE-2023-24029

Progress WS_FTP Server before 8.8 contains a privilege-escalation flaw where a host administrator can elevate privileges through the administrative interface due to insufficient authorization controls on the user-modification workflows. This affects WS_FTP Server versions prior to 8.8. The issue ...

CVSS 7.2 | AI score 6.9 | EPSS 0.00887

CVE
added 2023/09/27 2:50 p.m. | 46 views

CVE-2023-40046

CVE-2023-40046 affects Progress WS_FTP Server: SQL injection in the WS_FTP Server manager interface present in versions prior to 8.7.4 and 8.8.2. The vulnerability allows an attacker to infer database structure and contents and to execute SQL statements that can alter or delete database elements....

CVSS 8.2 | AI score 7.6 | EPSS 0.00854

CVE
added 2023/09/27 2:49 p.m. | 45 views

CVE-2023-40045

CVE-2023-40045 is a reflected cross-site scripting (XSS) vulnerability in WS_FTP Server’s Ad Hoc Transfer module, affecting versions prior to 8.7.4 and 8.8.2. The flaw allows an attacker to deliver a payload that executes malicious JavaScript in the victim’s browser. Root cause: lack of proper in...

CVSS 8.3 | AI score 6.4 | EPSS 0.00895

CVE
added 2023/09/27 2:51 p.m. | 45 views

CVE-2023-40048

CVE-2023-40048 affects Progress WS_FTP Server (Manager interface). The vulnerability is a CSRF flaw on a POST transaction used for an administrative function, present in versions prior to 8.8.2. Technical details in connected docs confirm the affected component and root cause (missing CSRF protec...

CVSS 6.8 | AI score 6.8 | EPSS 0.00351

CVE
added 2023/09/27 2:52 p.m. | 45 views

CVE-2023-40049

Summary of CVE-2023-40049: In WS_FTP Server versions prior to 8.8.2, an unauthenticated user could enumerate files in the WebServiceHost directory listing, exposing potential sensitive filenames. Multiple connected sources confirm this as a directory listing information-disclosure issue within W...

CVSS 5.3 | AI score 5.7 | EPSS 0.00747

CVE
added 2008/02/05 11:00 a.m. | 43 views

CVE-2008-0590

CVE-2008-0590 — Ipswitch WS_FTP Server with SSH 6.1.0.0 is affected by a buffer overflow triggered by a long opendir command. The vulnerability allows remote authenticated users to crash the service and potentially execute arbitrary code. Affected versions are WS_FTP Server prior to 6.1.1 (per Ne...

CVSS 9 | AI score 7.5 | EPSS 0.22169

CVE
added 2003/04/02 5:00 a.m. | 42 views

CVE-2002-0826

Summary: CVE-2002-0826 affects WS_FTP Server versions prior to 3.1.2. Affected component: the CPWD command handling in WS_FTP Server. Root cause: unchecked/buffer overflow when processing long CPWD arguments, enabling a remote attacker with authentication to potentially execute arbitrary code. Im...

CVSS 7.5 | AI score 7.5 | EPSS 0.12177

CVE
added 2006/09/26 8:00 p.m. | 39 views

CVE-2006-5001

WS_FTP Server (Ipswitch) • Vulnerable: versions prior to 5.05 Hotfix 1. The log analyzer fails to display certain sensitive information in the Files and Summary tabs. Root cause details are not provided in the connected docs. Remediation: apply 5.05 Hotfix 1 to resolve the issue.

CVSS 5 | AI score 6.6 | EPSS 0.31917