Vendor CVEs
South River Technologies
All CVEs
26 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-25233 | | Med | 0.40 | 6.2 | 0.00 | | Mar 30, 2026 | WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the username field during Secure WebDAV connection setup. Attackers can input a buffer-overflow payload of 5000 bytes in… |
| CVE-2024-44685 | | Med | 0.33 | 5.0 | 0.00 | | Sep 13, 2024 | Titan SFTP and Titan MFT Server 2.0.25.2426 and earlier have a vulnerability where sensitive information, including passwords, is exposed in clear text within the JSON response when configuring SMTP settings via the Web UI. |
| CVE-2023-22629 | | | 0.08 | — | 0.12 | | Feb 14, 2023 | An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem. |
| CVE-2008-6082 | | | 0.07 | — | 0.45 | | Feb 6, 2009 | Titan FTP Server 6.26 build 630 allows remote attackers to cause a denial of service (CPU consumption) via the SITE WHO command. |
| CVE-2010-2426 | | | 0.04 | — | 0.12 | | Jun 24, 2010 | Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read arbitrary files and determine file size via "..//" sequences in the xcrc command. |
| CVE-2008-5281 | | | 0.04 | — | 0.06 | | Nov 29, 2008 | Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows remote attackers to execute arbitrary code via a long DELE command. |
| CVE-2008-0702 | | | 0.04 | — | 0.08 | | Feb 12, 2008 | Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (daemon crash or hang) and possibly execute arbitrary code via a long argument to the (1) USER or (2) PASS command, different vectors than… |
| CVE-2004-1641 | | | 0.04 | — | 0.08 | | Aug 29, 2004 | Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote attackers to cause a denial of service (crash) via a long FTP command such as (1) CWD, (2) STAT, or (3) LIST. |
| CVE-2004-0437 | | | 0.04 | — | 0.08 | | Jul 7, 2004 | Titan FTP Server version 3.01 build 163, and possibly other versions before build 169, allows remote authenticated users to cause a denial of service (crash) by disconnecting from the system during a "LIST -L" command, which causes Titan to access an invalid socket. |
| CVE-2019-10009 | | | 0.03 | — | 0.11 | | Jun 3, 2019 | A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \..\..\ technique, arbitrary files can be loaded in the server response outside… |
| CVE-2014-1843 | | | 0.03 | — | 0.05 | | Apr 29, 2014 | Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter. |
| CVE-2014-1842 | | | 0.03 | — | 0.05 | | Apr 29, 2014 | Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value. |
| CVE-2014-1841 | | | 0.03 | — | 0.05 | | Apr 29, 2014 | Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter. |
| CVE-2009-4606 | | | 0.03 | — | 0.01 | | Jan 13, 2010 | South River Technologies WebDrive 9.02 build 2232 installs the WebDrive Service without a security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath… |
| CVE-2024-1192 | | | 0.00 | — | 0.00 | | Feb 2, 2024 | A vulnerability was found in South River WebDrive 18.00.5057. It has been declared as problematic. This vulnerability affects unknown code of the component New Secure WebDAV. The manipulation leads to denial of service. Local access is required to approach this attack. The… |
| CVE-2023-45690 | | | 0.00 | — | 0.01 | | Oct 16, 2023 | Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allow a user who is authenticated to the OS to read sensitive files on the filesystem. |
| CVE-2023-45689 | | | 0.00 | — | 0.01 | | Oct 16, 2023 | Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file on the filesystem via path traversal. |
| CVE-2023-45688 | | | 0.00 | — | 0.01 | | Oct 16, 2023 | Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to get the size of an arbitrary file on the filesystem using path traversal in the FTP "SIZE" command. |
| CVE-2023-45687 | | | 0.00 | — | 0.01 | | Oct 16, 2023 | A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authorizing a session ID of their choosing. |
| CVE-2023-45686 | | | 0.00 | — | 0.01 | | Oct 16, 2023 | Insufficient path validation when writing a file via WebDAV in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal. |
| CVE-2023-45685 | | | 0.00 | — | 0.01 | | Oct 16, 2023 | Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal. |
| CVE-2023-27744 | | | 0.00 | — | 0.01 | | Jun 2, 2023 | An issue was discovered in South River Technologies TitanFTP NextGen server that allows for a vertical privilege escalation leading to remote code execution. |
| CVE-2023-27745 | | | 0.00 | — | 0.00 | | Jun 2, 2023 | An issue in South River Technologies TitanFTP before v2.0.1.2102 allows attackers with low-level privileges to perform administrative actions by sending requests to the user server. |
| CVE-2022-34005 | | | 0.00 | — | 0.02 | | Jun 19, 2022 | An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance installed by default during TitanFTP NextGen installation, aka NX-I674 (sub-issue… |
| CVE-2010-2425 | | | 0.00 | — | 0.01 | | Jun 24, 2010 | Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read or delete arbitrary files via "..//" sequences in a COMB command. |
| CVE-2006-0867 | | | 0.00 | — | 0.01 | | Feb 23, 2006 | Buffer overflow in certain versions of South River (aka SRT) WebDrive, possibly version 6.08 build 1131 and version 8, allows remote attackers to cause a denial of service (application crash and persistent erratic behavior) via a long string in the name entry field. |