Lucene search
K
WftpserverWing Ftp Server

20 matches found

CVE
CVE
•added 2025/07/10 12:0 a.m.•379 views

CVE-2025-47812

CVE-2025-47812 is a remote code execution vulnerability in Wing FTP Server, affecting versions before 7.4.4. The root cause is improper handling of null bytes ('\0') in user/admin web interfaces, allowing injection of arbitrary Lua code into user session files. The injected code can execute comma...

10CVSS8.7AI score0.95343EPSS
In wildWeb
CVE
CVE
•added 2020/03/06 11:33 p.m.•234 views

CVE-2020-8635

CVE-2020-8635 affects Wing FTP Server v6.2.3 on Linux, macOS and Solaris. The root cause is insecure permissions on installation directories and configuration files, enabling local attackers to arbitrarily create FTP users with full privileges and escalate privileges by modifying system files. An...

7.8CVSS7.5AI score0.00807EPSS
CVE
CVE
•added 2020/03/06 11:33 p.m.•232 views

CVE-2020-8634

CVE-2020-8634 affects Wing FTP Server v6.2.3 on Linux, macOS and Solaris. The HTTP file management interface saves edited files with world-readable and world-writable permissions, enabling a low-privilege user to escalate to root by modifying sensitive system files. The connected data confirms th...

7.8CVSS7.7AI score0.00426EPSS
Web
CVE
CVE
•added 2020/03/07 12:20 a.m.•214 views

CVE-2020-9470

CVE-2020-9470 affects Wing FTP Server up to version 6.2.5, where insecure permissions on session and session_admin cookies allow a local user to read active sessions and hijack user/admin sessions. This can enable the attacker to execute Lua commands as root within the administration panel, effec...

7.8CVSS7.6AI score0.00583EPSS
Web
CVE
CVE
•added 2023/09/12 8:15 a.m.•129 views

CVE-2023-37879

CVE-2023-37879 affects Wing FTP Server (User Web Client) up to version 7.2.0, where insecure storage of sensitive information enables information elicitation. Multiple sources confirm the issue as a sensitive-info disclosure via the User Web Client, with impact on confidentiality and no indicatio...

7.5CVSS6.6AI score0.0045EPSS
CVE
CVE
•added 2025/05/26 1:31 p.m.•67 views

CVE-2025-5196

CVE-2025-5196 affects Wing FTP Server up to 7.4.3, via the Lua Admin Console, granting execution with unnecessary privileges. Exploitation appears remote and authenticated (PoC exists). Upgrade to version 7.4.4 to address the issue; vendor notes recommend running the service as a Normal User for ...

7.5CVSS6.6AI score0.00846EPSS
CVE
CVE
•added 2025/07/10 12:0 a.m.•64 views

CVE-2025-47813

Technical details for CVE-2025-47813 are not publicly available in the provided connected documents. Monitor for updates. Initial description notes an information disclosure related to UID cookie length, but no technical specifics are provided here.

4.3CVSS6.4AI score0.56366EPSS
In wild
CVE
CVE
•added 2010/06/23 5:13 p.m.•63 views

CVE-2010-2428

CVE-2010-2428 affects Wing FTP Server for Windows 3.5.0 and earlier; the admin_loginok.html page is vulnerable to cross-site scripting via a crafted POST, allowing an authenticated remote attacker to inject arbitrary script/HTML in the user’s browser. Several sources (NVD, OpenVAS, Nessus) corrob...

4.3CVSS5.8AI score0.01994EPSS
CVE
CVE
•added 2021/01/20 10:56 p.m.•59 views

CVE-2020-27735

Wing FTP 6.4.4 web interface is vulnerable to a Cross‑Site Scripting (XSS) flaw. An arbitrary IFRAME can be injected into help pages via a crafted link, causing sandboxed HTML/JavaScript to execute in the victim’s browser. Affected component: the web interface of Wing FTP Server 6.4.4. Root cause...

6.1CVSS5.9AI score0.05626EPSS
CVE
CVE
•added 2023/09/12 8:14 a.m.•59 views

CVE-2023-37881

The CVE-2023-37881 entry concerns Wing FTP Server (Admin Web Client), with a root cause described as weak access control that enables privilege escalation. Affected version range is Wing FTP Server

8.8CVSS6.2AI score0.00456EPSS
CVE
CVE
•added 2023/09/12 8:17 a.m.•54 views

CVE-2023-37875

CVE-2023-37875 affects Wing FTP Server ≤ 7.2.0 via the User Web Client, where improper encoding/escaping of output causes a Cross-Site Scripting (XSS) vulnerability. The issue is documented across multiple sources (NVD, CVE lists) with the root cause described as incorrect output encoding. Exploi...

5.4CVSS4.3AI score0.00249EPSS
CVE
CVE
•added 2025/07/10 12:0 a.m.•52 views

CVE-2025-47811

Wing FTP Server (versions up to 7.4.4) is affected by CVE-2025-47811: the admin web interface runs as root/SYSTEM by default, and the web app exposes legitimate ways to execute system commands which are executed with the highest privileges. This creates a potential privilege escalation via the we...

6.6CVSS9.7AI score0.03513EPSS
CVE
CVE
•added 2015/06/10 6:0 p.m.•51 views

CVE-2015-4108

CVE-2015-4108 affects Wing FTP Server up to version 4.4.6. The vulnerability is a set of cross-site request forgery (CSRF) flaws in the admin interface that can hijack administrator authentication for requests to admin_lua_script.html (arbitrary code execution potential) or admin_addadmin.html (a...

6.8CVSS8.1AI score0.0237EPSS
CVE
CVE
•added 2023/09/12 8:16 a.m.•48 views

CVE-2023-37878

CVE-2023-37878 describes an insecure default permission issue in the Wing FTP Server Admin Web Client that enables privilege escalation on Wing FTP Server versions

8.8CVSS7AI score0.00432EPSS
CVE
CVE
•added 2012/10/26 10:0 a.m.•47 views

CVE-2012-4729

Wing FTP Server prior to 4.1.1 is vulnerable to an authenticated denial-of-service caused by parsing two ZIP commands, leading to daemon crash. Affected: Wing FTP Server versions before 4.1.1. Root cause: vulnerability arises during processing of multiple ZIP commands. Mitigation: upgrade to vers...

6.8CVSS6.4AI score0.02195EPSS
CVE
CVE
•added 2025/07/10 12:0 a.m.•40 views

CVE-2025-27889

Technical details for CVE-2025-27889 are not provided in the connected documents; the supplied materials focus on CVE-2025-47812 and lack specifics (product/version/impact) for CVE-2025-27889. Monitor for updates.

8.8CVSS7AI score0.0041EPSS
CVE
CVE
•added 2026/05/12 8:43 p.m.•33 views

CVE-2026-44403

Wing FTP Server 8.1.2 is affected: an authenticated remote code execution due to unsafe session serialization that injects Lua via the domain admin mydirectory field, leading to code execution when a poisoned session is loaded with loadfile(). Root cause: unsafe serialization of session values in...

8.6CVSS6.5AI score0.02643EPSS
Web
CVE
CVE
•added 2026/01/30 10:7 p.m.•19 views

CVE-2020-37032

Wing FTP Server 6.3.8 is affected by a remote code execution flaw in the Lua-based web console. The issue allows authenticated users to send crafted POST requests that trigger operating system commands via os.execute(), enabling arbitrary code execution on the server. Affected component: Lua-base...

8.8CVSS6.6AI score0.0104EPSS
CVE
CVE
•added 2026/02/06 11:16 p.m.•18 views

CVE-2020-37079

Wing FTP Server prior to version 6.2.7 is affected by a cross-site request forgery (CSRF) vulnerability in the web administration interface that allows an attacker to delete admin users by crafting a malicious HTML page with a hidden form that submits a request without proper authorization. The i...

5.1CVSS5.2AI score0.0017EPSS
CVE
CVE
•added 2026/02/04 11:15 p.m.•13 views

CVE-2019-25267

Wing FTP Server 6.0.7 is affected by an unquoted service path vulnerability that lets local attackers insert and execute malicious executables with LocalSystem privileges. The issue stems from unquoted binary paths in the service configuration, enabling privilege escalation. Impact is described a...

8.5CVSS5.9AI score0.00222EPSS