VYPR
Vendor

South River Technologies

Products
6
CVEs
26
Across products
33
Status
Private

Products

6

Recent CVEs

26
View all 26 CVEs →
  • CVE-2018-25233MedMar 30, 2026
    risk 0.40cvss 6.2epss 0.00

    WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the username field during Secure WebDAV connection setup. Attackers can input a buffer-overflow payload of 5000 bytes in…

  • CVE-2024-44685MedSep 13, 2024
    risk 0.33cvss 5.0epss 0.00

    Titan SFTP and Titan MFT Server 2.0.25.2426 and earlier have a vulnerability a vulnerability where sensitive information, including passwords, is exposed in clear text within the JSON response when configuring SMTP settings via the Web UI.

  • CVE-2023-22629Feb 14, 2023
    risk 0.08cvss epss 0.12

    An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem.

  • CVE-2008-6082Feb 6, 2009
    risk 0.07cvss epss 0.45

    Titan FTP Server 6.26 build 630 allows remote attackers to cause a denial of service (CPU consumption) via the SITE WHO command.

  • CVE-2010-2426Jun 24, 2010
    risk 0.04cvss epss 0.12

    Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read arbitrary files, determine file size, via "..//" sequences in the xcrc command.

  • CVE-2008-5281Nov 29, 2008
    risk 0.04cvss epss 0.06

    Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows remote attackers to execute arbitrary code via a long DELE command.

  • CVE-2008-0702Feb 12, 2008
    risk 0.04cvss epss 0.08

    Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (daemon crash or hang) and possibly execute arbitrary code via a long argument to the (1) USER or (2) PASS command, different vectors than…

  • CVE-2004-1641Aug 29, 2004
    risk 0.04cvss epss 0.08

    Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote attackers to cause a denial of service (crash) via a long FTP command such as (1) CWD, (2) STAT, or (3) LIST.

  • CVE-2004-0437Jul 7, 2004
    risk 0.04cvss epss 0.08

    Titan FTP Server version 3.01 build 163, and possibly other versions before build 169, allows remote authenticated users to cause a denial of service (crash) by disconnecting from the system during a "LIST -L" command, which causes Titan to access an invalid socket.

  • CVE-2019-10009Jun 3, 2019
    risk 0.03cvss epss 0.11

    A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \..\..\ technique, arbitrary files can be loaded in the server response outside…

  • CVE-2014-1843Apr 29, 2014
    risk 0.03cvss epss 0.05

    Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter.

  • CVE-2014-1842Apr 29, 2014
    risk 0.03cvss epss 0.05

    Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value.

  • CVE-2014-1841Apr 29, 2014
    risk 0.03cvss epss 0.05

    Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter.

  • CVE-2009-4606Jan 13, 2010
    risk 0.03cvss epss 0.01

    South River Technologies WebDrive 9.02 build 2232 installs the WebDrive Service without a security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath…

  • CVE-2024-1192Feb 2, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in South River WebDrive 18.00.5057. It has been declared as problematic. This vulnerability affects unknown code of the component New Secure WebDAV. The manipulation leads to denial of service. Local access is required to approach this attack. The…

  • CVE-2023-45690Oct 16, 2023
    risk 0.00cvss epss 0.01

    Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allows a user that's authentication to the OS to read sensitive files on the filesystem

  • CVE-2023-45689Oct 16, 2023
    risk 0.00cvss epss 0.01

    Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file on the filesystem via path traversal

  • CVE-2023-45688Oct 16, 2023
    risk 0.00cvss epss 0.01

    Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to get the size of an arbitrary file on the filesystem using path traversal in the ftp "SIZE" command

  • CVE-2023-45687Oct 16, 2023
    risk 0.00cvss epss 0.01

    A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authorizating a session id of their choosing

  • CVE-2023-45686Oct 16, 2023
    risk 0.00cvss epss 0.01

    Insufficient path validation when writing a file via WebDAV in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal