
CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter. NetWin SurgeFTP version 23f2 suffers from multiple persistent cross site scripting vulnerabilities.

• https://packetstormsecurity.com/files/145572/NetWin-SurgeFTP-23f2-Cross-Site-Scripting.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 11% | CPEs: 16 | EXPL: 0

Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request.

• http://archives.neohapsis.com/archives/bugtraq/2013-07/0149.html
• http://osvdb.org/95582
• http://secunia.com/advisories/54188
• http://www.securityfocus.com/bid/61403
• https://exchange.xforce.ibmcloud.com/vulnerabilities/85922
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in a class action.

• http://packetstormsecurity.org/1001-exploits/surgeftp-xss.txt
• http://secunia.com/advisories/38097
• http://www.exploit-db.com/exploits/11092
• https://exchange.xforce.ibmcloud.com/vulnerabilities/55509
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 | EPSS: 8% | CPEs: 1 | EXPL: 1

The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails.

• https://www.exploit-db.com/exploits/31302
• http://aluigi.altervista.org/adv/surgeftpizza-adv.txt
• http://secunia.com/advisories/29096
• http://securityreason.com/securityalert/3704
• http://www.securityfocus.com/archive/1/488745/100/0/threaded
• http://www.securityfocus.com/bid/27993
• https://exchange.xforce.ibmcloud.com/vulnerabilities/40843
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 8.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command.

• http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0030.txt
• http://marc.info/?l=full-disclosure&m=118409539009277&w=2
• http://osvdb.org/37909
• http://secunia.com/advisories/26061
• http://securityreason.com/securityalert/2883
• http://www.vupen.com/english/advisories/2007/2528
• https://exchange.xforce.ibmcloud.com/vulnerabilities/35376