VYPR

Ws FTP Server

by Ipswitch, Inc.

CVEs (19)

  • CVE-2006-4847Sep 19, 2006
    risk 0.10cvss epss 0.85

    Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands.

  • CVE-2003-0772Sep 22, 2003
    risk 0.09cvss epss 0.72

    Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via long (1) APPE (append) or (2) STAT (status) arguments.

  • CVE-2004-1135Jan 10, 2005
    risk 0.07cvss epss 0.50

    Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial of service (service crash) via long (1) SITE, (2) XMKD, (3) MKD, and (4) RNFR commands.

  • CVE-2008-0590Feb 5, 2008
    risk 0.05cvss epss 0.22

    Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long opendir command.

  • CVE-2006-5000Sep 26, 2006
    risk 0.05cvss epss 0.64

    Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and remote authenticated attack vectors via the (1) XCRC, (2) XMD5, and (3) XSHA1 commands. NOTE: in the early publication of this identifier on…

  • CVE-2008-5692Dec 19, 2008
    risk 0.04cvss epss 0.08

    Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account…

  • CVE-2006-4974Sep 25, 2006
    risk 0.03cvss epss 0.04

    Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows remote FTP servers to execute arbitrary code via a long response to a PASV command.

  • CVE-2004-1883Dec 31, 2004
    risk 0.03cvss epss 0.05

    Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow remote authenticated users to execute arbitrary code by causing a large error string to be generated by the ALLO handler, or (2) may allow remote FTP administrators to execute arbitrary code by causing a long…

  • CVE-2006-5001Sep 26, 2006
    risk 0.02cvss epss 0.32

    Unspecified vulnerability in the log analyzer in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, prevents certain sensitive information from being displayed in the (1) Files and (2) Summary tabs. NOTE: in the early publication of this identifier on…

  • CVE-2004-1848Dec 31, 2004
    risk 0.01cvss epss 0.08

    Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial of service (disk consumption) and bypass file size restrictions via a REST command with a large size argument, followed by a STOR of a smaller file.

  • CVE-2024-7744Aug 28, 2024
    risk 0.00cvss epss 0.01

    In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Web Transfer Module allows File Discovery, Probe System Files, User-Controlled Filename, Path Traversal.   An authenticated…

  • CVE-2019-12145Jun 11, 2019
    risk 0.00cvss epss 0.05

    A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose path names on the host operating system.

  • CVE-2019-12144Jun 11, 2019
    risk 0.00cvss epss 0.03

    An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a path traversal vulnerability using the SCP protocol. Attackers who leverage this flaw could also obtain remote code execution by crafting a…

  • CVE-2019-12143Jun 11, 2019
    risk 0.00cvss epss 0.02

    A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose WS_FTP usernames as well as filenames.

  • CVE-2008-5693Dec 19, 2008
    risk 0.00cvss epss 0.03

    Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character.

  • CVE-2007-0666Feb 2, 2007
    risk 0.00cvss epss 0.02

    Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute arbitrary code on the system via a long input string to the (1) iFTPAddU or (2) iFTPAddH file, or to a (3) edition module.

  • CVE-2004-1885Dec 31, 2004
    risk 0.00cvss epss 0.04

    Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify certain iFtpSvc options that are handled by iftpmgr.exe.

  • CVE-2004-1884Mar 23, 2004
    risk 0.00cvss epss 0.06

    Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access.

  • CVE-1999-0362Feb 2, 1999
    risk 0.00cvss epss 0.02

    WS_FTP server remote denial of service through cwd command.