Provide Ftp Server Security Vulnerabilities and Issues — Provide Ftp Server CVE List

Lucene search

ProvideserverProvide Ftp Server

3 matches found

CVE•added 2020/04/12 3:15 a.m.•88 views

CVE-2020-11707

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. It doesn't enforce permission over Windows Symlinks or Junctions. As a result, a low-privileged user (non-admin) can craft a Junction Link in a directory he has full control of, breaking out of the sandbox.

8.8CVSS8.6AI score0.00359EPSS

CVE•added 2020/04/12 3:15 a.m.•86 views

CVE-2020-11706

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Interface allows CSRF for actions such as: Change any username and password, admin ones included; Create/Delete users; Enable/Disable Services; Set a rogue update proxy; and Shutdown the server.

8.8CVSS8.6AI score0.00216EPSS

CVE•added 2020/04/12 3:15 a.m.•84 views

CVE-2020-11701

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. CSRF exists in the User Web Interface, as demonstrated by granting filesystem access to the public for uploading and deleting files and directories.

8.8CVSS8.6AI score0.00216EPSS