
CVE-2023-42657 – WS_FTP Server Directory Traversal
https://notcve.org/view.php?id=CVE-2023-42657
27 Sep 2023 — In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path. Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system. • https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2023-40044 – Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2023-40044
27 Sep 2023 — In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system. • https://packetstorm.news/files/id/174917 • CWE-502: Deserialization of Untrusted Data