Lucene search
K
ProvideserverProvide Ftp Server

8 matches found

CVE
CVE
added 2020/04/12 2:43 a.m.107 views

CVE-2020-11705

The CVE-2020-11705 issue affects ProVide (formerly zFTPServer)

9.8CVSS9.3AI score0.00908EPSS
CVE
CVE
added 2020/04/12 2:44 a.m.105 views

CVE-2020-11702

The CVE-2020-11702 entry affects ProVide (formerly zFTPServer) up to version 13.1, specifically its User Web Interface. The vulnerability consists of multiple stored and reflected cross-site scripting (XSS) flaws. Details from connected sources specify: Collaborate module: reflected via the filen...

6.1CVSS5.9AI score0.00678EPSS
CVE
CVE
added 2020/04/12 2:44 a.m.105 views

CVE-2020-11703

CVE-2020-11703 describes an HTTP Response Splitting vulnerability in ProVide (formerly zFTPServer) up to version 13.1, exploitable via /ajax/GetInheritedProperties with the language parameter. The issue arises from insufficient input handling allowing CRLF-based splitting during response construc...

7.5CVSS7.5AI score0.00931EPSS
CVE
CVE
added 2020/04/12 2:43 a.m.102 views

CVE-2020-11704

ProVide (formerly zFTPServer) Admin Web Interface up to version 13.1 is affected by multiple Cross-Site Scripting (XSS) issues described as stored and reflected XSS. GetInheritedProperties is reflected via the groups parameter; GetUserInfo is reflected via POST data; SetUserInfo is stored via the...

6.1CVSS6.2AI score0.00678EPSS
CVE
CVE
added 2020/04/12 2:44 a.m.101 views

CVE-2020-11701

ProVide (formerly zFTPServer) up to version 13.1 contains a CSRF vulnerability in the User Web Interface that allows an attacker to grant filesystem access to the public for uploading and deleting files and directories. The issue is described across multiple sources (NVD entry CVE-2020-11701 and ...

8.8CVSS8.6AI score0.00496EPSS
CVE
CVE
added 2020/04/12 2:42 a.m.101 views

CVE-2020-11707

CVE-2020-11707 affects ProVide (formerly zFTPServer) up to version 13.1. The issue is that Windows Symlinks/Junctions permissions are not enforced, allowing a low-privilege user who has directory control to craft a Junction Link and break out of the sandbox. Exploitation details and impact are de...

8.8CVSS8.6AI score0.01003EPSS
CVE
CVE
added 2020/04/12 2:43 a.m.99 views

CVE-2020-11706

ProVide (formerly zFTPServer) 13.1 and earlier contains a Cross-Site Request Forgery (CSRF) flaw in the Admin Interface. The issue allows an attacker to perform privileged actions by forged requests, including changing usernames and passwords (admin accounts included), creating/deleting users, en...

8.8CVSS8.6AI score0.00496EPSS
CVE
CVE
added 2020/04/12 2:42 a.m.99 views

CVE-2020-11708

ProVide (formerly zFTPServer) up to version 13.1 has a privilege escalation flaw exposed via the /ajax/SetUserInfo parameter that leverages the EXECUTE() feature to run programs when certain events trigger. The issue is documented as CVE-2020-11708. The connected records confirm affected software...

9.8CVSS9.5AI score0.01564EPSS