CVE-2024-7745
- EPSS 0.15%
- Published 28.08.2024 17:15:11
- Last modified 04.09.2024 17:57:57
In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only.
CVE-2024-7744
- EPSS 0.13%
- Published 28.08.2024 17:15:11
- Last modified 04.09.2024 17:57:51
In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Web Transfer Module allows File Discovery, Probe System Files, User-Controlled Filename, Path Tr...
CVE-2024-1474
- EPSS 0.07%
- Published 21.02.2024 16:15:49
- Last modified 02.01.2025 13:58:35
In WS_FTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user supplied inputs on the WS_FTP Server administrative interface.
CVE-2023-42659
- EPSS 0.04%
- Published 07.11.2023 16:15:28
- Last modified 21.11.2024 08:22:54
In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the u...
CVE-2023-42657
- EPSS 0.61%
- Published 27.09.2023 15:19:32
- Last modified 21.11.2024 08:22:54
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their ...
CVE-2023-40049
- EPSS 0.38%
- Published 27.09.2023 15:19:01
- Last modified 21.11.2024 08:18:36
In WS_FTP Server versions prior to 8.8.2, an unauthenticated user could enumerate files under the 'WebServiceHost' directory listing.
CVE-2023-40048
- EPSS 0.55%
- Published 27.09.2023 15:19:00
- Last modified 21.11.2024 08:18:35
In WS_FTP Server versions prior to 8.8.2, the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function.
CVE-2023-40047
- EPSS 0.02%
- Published 27.09.2023 15:18:58
- Last modified 21.11.2024 08:18:35
In WS_FTP Server versions prior to 8.8.2, a stored cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Management module. An attacker with administrative privileges could import an SSL certificate with malicious attributes containing...
CVE-2023-40046
- EPSS 0.18%
- Published 27.09.2023 15:18:58
- Last modified 21.11.2024 08:18:35
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statem...
CVE-2023-40045
- EPSS 0.04%
- Published 27.09.2023 15:18:57
- Last modified 21.11.2024 08:18:35
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a reflected cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Ad Hoc Transfer module. An attacker could leverage this vulnerability to target WS_FTP Server users with a specia...