
13 matches found

CVE
added 2023/09/27 2:48 p.m., 448 views

CVE-2023-40044

CVE-2023-40044 affects Progress Software WS_FTP Server, exploiting a deserialization flaw in the Ad Hoc Transfer module to achieve remote code execution. A pre-authenticated attacker can trigger this via the vulnerable .NET deserialization path in WS_FTP Server versions prior to 8.7.4 (and 8.8.2)...

CVSS 10, AI score 9.3, EPSS 0.9015
In wild, Web

CVE
added 2019/06/11 8:54 p.m., 103 views

CVE-2019-12143

CVE-2019-12143 affects Progress IPswitch WS_FTP Server (Windows) prior to 8.6.1. The vulnerability is a directory traversal in SSHServerAPI.dll that an attacker can trigger via SCP protocol by supplying specially crafted strings to disclose WS_FTP usernames and filenames. The issue impacts the SC...

CVSS 5.3, AI score 5.2, EPSS 0.01991

CVE
added 2023/11/07 3:13 p.m., 93 views

CVE-2023-42659

The CVE concerns Progress WS_FTP Server. Versions prior to 8.7.6 and 8.8.4 are affected by an unrestricted file upload flaw in the Ad Hoc Transfer module: an authenticated Ad Hoc Transfer user can craft an API call to upload a file to a location on the host OS running WS_FTP Server. Documented im...

CVSS 9.1, AI score 9, EPSS 0.00896

CVE
added 2024/02/21 3:33 p.m., 82 views

CVE-2024-1474

WS_FTP Server prior to 8.8.5 is affected by reflected cross-site scripting in the administrative interface, arising from handling of various user-supplied inputs. The issue is documented across multiple sources as a vulnerability in WS_FTP Server versions before 8.8.5. A remediation action is to ...

CVSS 7.5, AI score 7.5, EPSS 0.0045

CVE
added 2024/08/28 4:30 p.m., 79 views

CVE-2024-7744

CVE-2024-7744 affects Progress WS_FTP Server prior to 8.8.8 (2022.0.8). The flaw is a Path Traversal in the Web Transfer Module that enables file discovery, probing system files, and user-controlled filename manipulation; additionally, an authenticated API call can download a file from an arbitra...

CVSS 6.5, AI score 6.7, EPSS 0.00688

CVE
added 2023/09/27 2:49 p.m., 68 views

CVE-2023-42657

CVE-2023-42657 affects Progress WS_FTP Server, in versions prior to 8.7.4 and 8.8.2. The vulnerability is a directory traversal flaw in the server’s file handling that allows an unauthenticated or less-privileged user to perform file operations (delete, rename, rmdir, mkdir) outside the designate...

CVSS 9.9, AI score 9, EPSS 0.17025

CVE
added 2024/08/28 4:31 p.m., 62 views

CVE-2024-7745

The CVE-2024-7745 issue affects Progress WS_FTP Server older than 8.8.8 (2022.0.8): a Missing Critical Step in the Web Transfer Module’s Multi-Factor Authentication allows bypass of second-factor verification, enabling login with only username and password. Impact is user authentication bypass, w...

CVSS 8.1, AI score 7, EPSS 0.00365

CVE
added 2023/09/27 2:50 p.m., 54 views

CVE-2023-40047

WS_FTP Server versions prior to 8.8.2 are affected by a stored XSS in the Management module. An administrator could import an SSL certificate with malicious attributes that stores an XSS payload, enabling execution of JavaScript in the admin’s browser. Remediation per vendor guidance is to update...

CVSS 8.3, AI score 5.8, EPSS 0.00409

CVE
added 2023/02/03 12:0 a.m., 48 views

CVE-2023-24029

Progress WS_FTP Server before 8.8 contains a privilege-escalation flaw where a host administrator can elevate privileges through the administrative interface due to insufficient authorization controls on the user-modification workflows. This affects WS_FTP Server versions prior to 8.8. The issue ...

CVSS 7.2, AI score 6.9, EPSS 0.00887

CVE
added 2023/09/27 2:49 p.m., 47 views

CVE-2023-40045

CVE-2023-40045 is a reflected cross-site scripting (XSS) vulnerability in WS_FTP Server’s Ad Hoc Transfer module, affecting versions prior to 8.7.4 and 8.8.2. The flaw allows an attacker to deliver a payload that executes malicious JavaScript in the victim’s browser. Root cause: lack of proper in...

CVSS 8.3, AI score 6.4, EPSS 0.00895

CVE
added 2023/09/27 2:50 p.m., 47 views

CVE-2023-40046

CVE-2023-40046 affects Progress WS_FTP Server: SQL injection in the WS_FTP Server manager interface present in versions prior to 8.7.4 and 8.8.2. The vulnerability allows an attacker to infer database structure and contents and to execute SQL statements that can alter or delete database elements....

CVSS 8.2, AI score 7.6, EPSS 0.00854

CVE
added 2023/09/27 2:52 p.m., 47 views

CVE-2023-40049

Summary of CVE-2023-40049: In WS_FTP Server versions prior to 8.8.2, an unauthenticated user could enumerate files in the WebServiceHost directory listing, exposing potential sensitive filenames. Multiple connected sources confirm this as a directory listing information-disclosure issue within W...

CVSS 5.3, AI score 5.7, EPSS 0.00747

CVE
added 2023/09/27 2:51 p.m., 46 views

CVE-2023-40048

CVE-2023-40048 affects Progress WS_FTP Server (Manager interface). The vulnerability is a CSRF flaw on a POST transaction used for an administrative function, present in versions prior to 8.8.2. Technical details in connected docs confirm the affected component and root cause (missing CSRF protec...

CVSS 6.8, AI score 6.8, EPSS 0.00351