WS_FTP Server
CVEs (19)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-4847 | | | 0.10 | — | 0.85 | | Sep 19, 2006 | Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands. |
| CVE-2003-0772 | | | 0.09 | — | 0.72 | | Sep 22, 2003 | Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via long (1) APPE (append) or (2) STAT (status) arguments. |
| CVE-2004-1135 | | | 0.07 | — | 0.50 | | Jan 10, 2005 | Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial of service (service crash) via long (1) SITE, (2) XMKD, (3) MKD, and (4) RNFR commands. |
| CVE-2008-0590 | | | 0.05 | — | 0.22 | | Feb 5, 2008 | Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long opendir command. |
| CVE-2006-5000 | | | 0.05 | — | 0.64 | | Sep 26, 2006 | Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and remote authenticated attack vectors via the (1) XCRC, (2) XMD5, and (3) XSHA1 commands. NOTE: in the early publication of this identifier on… |
| CVE-2008-5692 | | | 0.04 | — | 0.08 | | Dec 19, 2008 | Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account… |
| CVE-2006-4974 | | | 0.03 | — | 0.04 | | Sep 25, 2006 | Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows remote FTP servers to execute arbitrary code via a long response to a PASV command. |
| CVE-2004-1883 | | | 0.03 | — | 0.05 | | Dec 31, 2004 | Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow remote authenticated users to execute arbitrary code by causing a large error string to be generated by the ALLO handler, or (2) may allow remote FTP administrators to execute arbitrary code by causing a long… |
| CVE-2006-5001 | | | 0.02 | — | 0.32 | | Sep 26, 2006 | Unspecified vulnerability in the log analyzer in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, prevents certain sensitive information from being displayed in the (1) Files and (2) Summary tabs. NOTE: in the early publication of this identifier on… |
| CVE-2004-1848 | | | 0.01 | — | 0.08 | | Dec 31, 2004 | Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial of service (disk consumption) and bypass file size restrictions via a REST command with a large size argument, followed by a STOR of a smaller file. |
| CVE-2024-7744 | | | 0.00 | — | 0.01 | | Aug 28, 2024 | In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Web Transfer Module allows File Discovery, Probe System Files, User-Controlled Filename, Path Traversal. An authenticated… |
| CVE-2019-12145 | | | 0.00 | — | 0.05 | | Jun 11, 2019 | A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose path names on the host operating system. |
| CVE-2019-12144 | | | 0.00 | — | 0.03 | | Jun 11, 2019 | An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a path traversal vulnerability using the SCP protocol. Attackers who leverage this flaw could also obtain remote code execution by crafting a… |
| CVE-2019-12143 | | | 0.00 | — | 0.02 | | Jun 11, 2019 | A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose WS_FTP usernames as well as filenames. |
| CVE-2008-5693 | | | 0.00 | — | 0.03 | | Dec 19, 2008 | Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character. |
| CVE-2007-0666 | | | 0.00 | — | 0.02 | | Feb 2, 2007 | Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute arbitrary code on the system via a long input string to the (1) iFTPAddU or (2) iFTPAddH file, or to a (3) edition module. |
| CVE-2004-1885 | | | 0.00 | — | 0.04 | | Dec 31, 2004 | Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify certain iFtpSvc options that are handled by iftpmgr.exe. |
| CVE-2004-1884 | | | 0.00 | — | 0.06 | | Mar 23, 2004 | Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access. |
| CVE-1999-0362 | | | 0.00 | — | 0.02 | | Feb 2, 1999 | WS_FTP server remote denial of service through cwd command. |