VYPR

Ws FTP Server

by Progress (organisation)

CVEs (27)

  • CVE-2023-42657Sep 27, 2023
    risk 0.00cvss epss 0.17

    In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered.  An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder…

  • CVE-2022-27665Apr 3, 2023
    risk 0.00cvss epss 0.33

    Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory…

  • CVE-2023-24029Feb 3, 2023
    risk 0.00cvss epss 0.01

    In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows.

  • CVE-2022-36968Aug 2, 2022
    risk 0.00cvss epss 0.00

    In Progress WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery (CSRF) attacks.

  • CVE-2022-36967Aug 2, 2022
    risk 0.00cvss epss 0.01

    In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. It is possible for a remote attacker to inject arbitrary JavaScript into a WS_FTP administrator's web session. This would…

  • CVE-2004-1885Dec 31, 2004
    risk 0.00cvss epss 0.04

    Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify certain iFtpSvc options that are handled by iftpmgr.exe.

  • CVE-2004-1884Mar 23, 2004
    risk 0.00cvss epss 0.06

    Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access.

Page 2 of 2