Titan FTP Server
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-44685 | Med | 0.33 | 5.0 | 0.00 | Sep 13, 2024 | Titan SFTP and Titan MFT Server 2.0.25.2426 and earlier have a vulnerability a vulnerability where sensitive information, including passwords, is exposed in clear text within the JSON response when configuring SMTP settings via the Web UI. | ||
| CVE-2008-6082 | 0.07 | — | 0.45 | Feb 6, 2009 | Titan FTP Server 6.26 build 630 allows remote attackers to cause a denial of service (CPU consumption) via the SITE WHO command. | |||
| CVE-2010-2426 | 0.04 | — | 0.12 | Jun 24, 2010 | Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read arbitrary files, determine file size, via "..//" sequences in the xcrc command. | |||
| CVE-2008-5281 | 0.04 | — | 0.06 | Nov 29, 2008 | Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows remote attackers to execute arbitrary code via a long DELE command. | |||
| CVE-2008-0702 | 0.04 | — | 0.08 | Feb 12, 2008 | Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (daemon crash or hang) and possibly execute arbitrary code via a long argument to the (1) USER or (2) PASS command, different vectors than… | |||
| CVE-2004-1641 | 0.04 | — | 0.08 | Aug 29, 2004 | Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote attackers to cause a denial of service (crash) via a long FTP command such as (1) CWD, (2) STAT, or (3) LIST. | |||
| CVE-2004-0437 | 0.04 | — | 0.08 | Jul 7, 2004 | Titan FTP Server version 3.01 build 163, and possibly other versions before build 169, allows remote authenticated users to cause a denial of service (crash) by disconnecting from the system during a "LIST -L" command, which causes Titan to access an invalid socket. | |||
| CVE-2019-10009 | 0.03 | — | 0.11 | Jun 3, 2019 | A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \..\..\ technique, arbitrary files can be loaded in the server response outside… | |||
| CVE-2014-1843 | 0.03 | — | 0.05 | Apr 29, 2014 | Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter. | |||
| CVE-2014-1842 | 0.03 | — | 0.05 | Apr 29, 2014 | Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value. | |||
| CVE-2014-1841 | 0.03 | — | 0.05 | Apr 29, 2014 | Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter. | |||
| CVE-2010-2425 | 0.00 | — | 0.01 | Jun 24, 2010 | Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read or delete arbitrary files via "..//" sequences in a COMB command. |
- risk 0.33cvss 5.0epss 0.00
Titan SFTP and Titan MFT Server 2.0.25.2426 and earlier have a vulnerability a vulnerability where sensitive information, including passwords, is exposed in clear text within the JSON response when configuring SMTP settings via the Web UI.
- CVE-2008-6082Feb 6, 2009risk 0.07cvss —epss 0.45
Titan FTP Server 6.26 build 630 allows remote attackers to cause a denial of service (CPU consumption) via the SITE WHO command.
- CVE-2010-2426Jun 24, 2010risk 0.04cvss —epss 0.12
Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read arbitrary files, determine file size, via "..//" sequences in the xcrc command.
- CVE-2008-5281Nov 29, 2008risk 0.04cvss —epss 0.06
Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows remote attackers to execute arbitrary code via a long DELE command.
- CVE-2008-0702Feb 12, 2008risk 0.04cvss —epss 0.08
Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (daemon crash or hang) and possibly execute arbitrary code via a long argument to the (1) USER or (2) PASS command, different vectors than…
- CVE-2004-1641Aug 29, 2004risk 0.04cvss —epss 0.08
Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote attackers to cause a denial of service (crash) via a long FTP command such as (1) CWD, (2) STAT, or (3) LIST.
- CVE-2004-0437Jul 7, 2004risk 0.04cvss —epss 0.08
Titan FTP Server version 3.01 build 163, and possibly other versions before build 169, allows remote authenticated users to cause a denial of service (crash) by disconnecting from the system during a "LIST -L" command, which causes Titan to access an invalid socket.
- CVE-2019-10009Jun 3, 2019risk 0.03cvss —epss 0.11
A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \..\..\ technique, arbitrary files can be loaded in the server response outside…
- CVE-2014-1843Apr 29, 2014risk 0.03cvss —epss 0.05
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter.
- CVE-2014-1842Apr 29, 2014risk 0.03cvss —epss 0.05
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value.
- CVE-2014-1841Apr 29, 2014risk 0.03cvss —epss 0.05
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter.
- CVE-2010-2425Jun 24, 2010risk 0.00cvss —epss 0.01
Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read or delete arbitrary files via "..//" sequences in a COMB command.