13 matches found
CVE-2023-40044
CVE-2023-40044 affects Progress Software WS_FTP Server: a deserialization flaw in the Ad Hoc Transfer module that can be exploited to achieve remote code execution. A pre-authenticated attacker can trigger this via the vulnerable .NET deserialization path in WS_FTP Server versions prior to 8.7.4 (and 8.8.2)...
CVE-2019-12143
CVE-2019-12143 affects Progress Ipswitch WS_FTP Server (Windows) prior to 8.6.1. The vulnerability is a directory traversal in SSHServerAPI.dll that an attacker can trigger via the SCP protocol by supplying specially crafted strings to disclose WS_FTP usernames and filenames. The issue impacts the SC...
CVE-2023-42659
CVE-2023-42659 concerns Progress WS_FTP Server. Versions prior to 8.7.6 and 8.8.4 are affected by an unrestricted file upload flaw in the Ad Hoc Transfer module: an authenticated Ad Hoc Transfer user can craft an API call to upload a file to a location on the host OS running WS_FTP Server. Documented im...
CVE-2024-1474
WS_FTP Server prior to 8.8.5 is affected by reflected cross-site scripting in the administrative interface, arising from handling of various user-supplied inputs. The issue is documented across multiple sources as a vulnerability in WS_FTP Server versions before 8.8.5. A remediation action is to ...
CVE-2024-7744
CVE-2024-7744 affects Progress WS_FTP Server prior to 8.8.8 (2022.0.8). The flaw is a Path Traversal in the Web Transfer Module that enables file discovery, probing system files, and user-controlled filename manipulation; additionally, an authenticated API call can download a file from an arbitra...
CVE-2023-42657
CVE-2023-42657 affects Progress WS_FTP Server, in versions prior to 8.7.4 and 8.8.2. The vulnerability is a directory traversal flaw in the server’s file handling that allows an unauthenticated or less-privileged user to perform file operations (delete, rename, rmdir, mkdir) outside the designate...
CVE-2024-7745
The CVE-2024-7745 issue affects Progress WS_FTP Server older than 8.8.8 (2022.0.8): a Missing Critical Step in the Web Transfer Module’s Multi-Factor Authentication allows bypass of second-factor verification, enabling login with only username and password. Impact is user authentication bypass, w...
CVE-2023-40047
WS_FTP Server versions prior to 8.8.2 are affected by a stored XSS in the Management module. An administrator could import an SSL certificate with malicious attributes that stores an XSS payload, enabling execution of JavaScript in the admin’s browser. Remediation per vendor guidance is to update...
CVE-2023-24029
Progress WS_FTP Server before 8.8 contains a privilege-escalation flaw where a host administrator can elevate privileges through the administrative interface due to insufficient authorization controls on the user-modification workflows. This affects WS_FTP Server versions prior to 8.8. The issue ...
CVE-2023-40045
CVE-2023-40045 is a reflected cross-site scripting (XSS) vulnerability in WS_FTP Server’s Ad Hoc Transfer module, affecting versions prior to 8.7.4 and 8.8.2. The flaw allows an attacker to deliver a payload that executes malicious JavaScript in the victim’s browser. Root cause: lack of proper in...
CVE-2023-40046
CVE-2023-40046 affects Progress WS_FTP Server: SQL injection in the WS_FTP Server manager interface present in versions prior to 8.7.4 and 8.8.2. The vulnerability allows an attacker to infer database structure and contents and to execute SQL statements that can alter or delete database elements....
CVE-2023-40049
Summary of CVE-2023-40049: In WS_FTP Server versions prior to 8.8.2, an unauthenticated user could enumerate files in the WebServiceHost directory listing, exposing potential sensitive filenames. Multiple connected sources confirm this as a directory listing information-disclosure issue within W...
CVE-2023-40048
CVE-2023-40048 affects Progress WS_FTP Server (Manager interface). The vulnerability is a CSRF flaw on a POST transaction used for an administrative function, present in versions prior to 8.8.2. Technical details in connected docs confirm the affected component and root cause (missing CSRF protec...