4 results (0.005 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2

Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in the local search field and the backup locations field, aka WSCLT-1729. Ipswitch WS_FTP Professional en versiones anteriores a la 12.6.0.3 incluye desbordamientos de búfer en el campo de búsqueda local y el campo de localizaciones de copias de seguridad. Esto también se conoce como WSCLT-1729. • https://www.exploit-db.com/exploits/43115 https://docs.ipswitch.com/WS_FTP126/ReleaseNotes/English/index.htm https://www.7elements.co.uk/resources/technical-advisories/ipswitch-ws_ftp-professional-local-buffer-overflow-seh-overwrite • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 0%CPEs: 22EXPL: 0

Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character. Ipswitch WS_FTP Server Manager 6.1.0.0 y anteriores, y posiblemente otros productos de Ipswitch, podría permitir a atacantes remotos leer el contenido de ficheros ASP en WSFTPSVR/ a través de una solicitud con un carácter punto al final. • http://aluigi.altervista.org/adv/wsftpweblog-adv.txt http://securityreason.com/securityalert/4799 http://www.securityfocus.com/archive/1/487686/100/200/threaded http://www.securityfocus.com/archive/1/487697/100/200/threaded http://www.securityfocus.com/bid/27654 https://exchange.xforce.ibmcloud.com/vulnerabilities/47677 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 0%CPEs: 22EXPL: 1

Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name. Ipswitch WS_FTP Server Manager anterior a la version 6.1.1, y posiblemente otros productos de Ipswitch, permite a atacantes remotos eludir la autenticación y leer los logs a través de una acción logLogout a FTPLogServer/login.asp seguido por una solicitud de FTPLogServer/LogViewer.asp con el nombre de cuenta localhostnull. • https://www.exploit-db.com/exploits/31117 http://aluigi.altervista.org/adv/wsftpweblog-adv.txt http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12 http://secunia.com/advisories/28822 http://securityreason.com/securityalert/4799 http://www.securityfocus.com/archive/1/487686/100/200/threaded http://www.securityfocus.com/archive/1/487697/100/200/threaded http://www.securityfocus.com/bid/27654 http://www.vupen& • CWE-287: Improper Authentication •

CVSS: 6.8EPSS: 2%CPEs: 1EXPL: 0

Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute arbitrary code on the system via a long input string to the (1) iFTPAddU or (2) iFTPAddH file, or to a (3) edition module. Ipswitch WS_FTP Server versión 5.04 permite a los administradores de sitios FTP ejecutar código arbitrario en el sistema por medio de una larga cadena de entrada para los archivos (1) iFTPAddU o (2) iFTPAddH, o (3) para el módulo edition. • http://osvdb.org/33646 http://osvdb.org/33647 http://www.securityfocus.com/archive/1/458774/100/0/threaded http://www.securityfocus.com/archive/1/458932/100/0/threaded http://www.securityfocus.com/archive/1/458942/100/0/threaded http://www.securityfocus.com/archive/1/459023/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/32176 •