Vendor
South River Technologies
Products
3
CVEs
18
Across products
282
Status
Private
Products
3- 274 CVEs
- 6 CVEs
- 2 CVEs
Recent CVEs
18| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-25233 | Med | 0.40 | 6.2 | 0.00 | Mar 30, 2026 | WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the username field during Secure WebDAV connection setup. Attackers can input a buffer-overflow payload of 5000 bytes in the username parameter and trigger a connection test to cause the application to crash. | |
| CVE-2008-6082 | 0.08 | — | 0.64 | Feb 6, 2009 | Titan FTP Server 6.26 build 630 allows remote attackers to cause a denial of service (CPU consumption) via the SITE WHO command. | ||
| CVE-2010-2426 | 0.05 | — | 0.30 | Jun 24, 2010 | Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read arbitrary files, determine file size, via "..//" sequences in the xcrc command. | ||
| CVE-2014-1843 | 0.03 | — | 0.04 | Apr 29, 2014 | Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter. | ||
| CVE-2014-1842 | 0.03 | — | 0.02 | Apr 29, 2014 | Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value. | ||
| CVE-2014-1841 | 0.03 | — | 0.04 | Apr 29, 2014 | Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter. | ||
| CVE-2009-4606 | 0.03 | — | 0.00 | Jan 13, 2010 | South River Technologies WebDrive 9.02 build 2232 installs the WebDrive Service without a security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command. | ||
| CVE-2008-5281 | 0.03 | — | 0.01 | Nov 29, 2008 | Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows remote attackers to execute arbitrary code via a long DELE command. | ||
| CVE-2008-0702 | 0.03 | — | 0.04 | Feb 12, 2008 | Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (daemon crash or hang) and possibly execute arbitrary code via a long argument to the (1) USER or (2) PASS command, different vectors than CVE-2004-1641. | ||
| CVE-2004-1641 | 0.03 | — | 0.01 | Aug 29, 2004 | Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote attackers to cause a denial of service (crash) via a long FTP command such as (1) CWD, (2) STAT, or (3) LIST. | ||
| CVE-2004-0437 | 0.03 | — | 0.01 | Jul 7, 2004 | Titan FTP Server version 3.01 build 163, and possibly other versions before build 169, allows remote authenticated users to cause a denial of service (crash) by disconnecting from the system during a "LIST -L" command, which causes Titan to access an invalid socket. | ||
| CVE-2023-45690 | 0.00 | — | 0.00 | Oct 16, 2023 | Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allows a user that's authentication to the OS to read sensitive files on the filesystem | ||
| CVE-2023-45689 | 0.00 | — | 0.00 | Oct 16, 2023 | Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file on the filesystem via path traversal | ||
| CVE-2023-45688 | 0.00 | — | 0.00 | Oct 16, 2023 | Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to get the size of an arbitrary file on the filesystem using path traversal in the ftp "SIZE" command | ||
| CVE-2023-45687 | 0.00 | — | 0.00 | Oct 16, 2023 | A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authorizating a session id of their choosing | ||
| CVE-2023-45686 | 0.00 | — | 0.01 | Oct 16, 2023 | Insufficient path validation when writing a file via WebDAV in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal | ||
| CVE-2023-45685 | 0.00 | — | 0.00 | Oct 16, 2023 | Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal | ||
| CVE-2010-2425 | 0.00 | — | 0.01 | Jun 24, 2010 | Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read or delete arbitrary files via "..//" sequences in a COMB command. |