Ws FTP Server
CVEs (27)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-42657 | 0.00 | — | 0.17 | Sep 27, 2023 | In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder… | |||
| CVE-2022-27665 | 0.00 | — | 0.33 | Apr 3, 2023 | Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory… | |||
| CVE-2023-24029 | 0.00 | — | 0.01 | Feb 3, 2023 | In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows. | |||
| CVE-2022-36968 | 0.00 | — | 0.00 | Aug 2, 2022 | In Progress WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery (CSRF) attacks. | |||
| CVE-2022-36967 | 0.00 | — | 0.01 | Aug 2, 2022 | In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. It is possible for a remote attacker to inject arbitrary JavaScript into a WS_FTP administrator's web session. This would… | |||
| CVE-2004-1885 | 0.00 | — | 0.04 | Dec 31, 2004 | Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify certain iFtpSvc options that are handled by iftpmgr.exe. | |||
| CVE-2004-1884 | 0.00 | — | 0.06 | Mar 23, 2004 | Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access. |
- CVE-2023-42657Sep 27, 2023risk 0.00cvss —epss 0.17
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder…
- CVE-2022-27665Apr 3, 2023risk 0.00cvss —epss 0.33
Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory…
- CVE-2023-24029Feb 3, 2023risk 0.00cvss —epss 0.01
In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows.
- CVE-2022-36968Aug 2, 2022risk 0.00cvss —epss 0.00
In Progress WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery (CSRF) attacks.
- CVE-2022-36967Aug 2, 2022risk 0.00cvss —epss 0.01
In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. It is possible for a remote attacker to inject arbitrary JavaScript into a WS_FTP administrator's web session. This would…
- CVE-2004-1885Dec 31, 2004risk 0.00cvss —epss 0.04
Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify certain iFtpSvc options that are handled by iftpmgr.exe.
- CVE-2004-1884Mar 23, 2004risk 0.00cvss —epss 0.06
Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access.
Page 2 of 2