CVSS: 5.0EPSS: 0%CPEs: 22EXPL: 0CVE-2008-5693
https://notcve.org/view.php?id=CVE-2008-5693
Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character. Ipswitch WS_FTP Server Manager 6.1.0.0 y anteriores, y posiblemente otros productos de Ipswitch, podría permitir a atacantes remotos leer el contenido de ficheros ASP en WSFTPSVR/ a través de una solicitud con un carácter punto al final. • http://aluigi.altervista.org/adv/wsftpweblog-adv.txt http://securityreason.com/securityalert/4799 http://www.securityfocus.com/archive/1/487686/100/200/threaded http://www.securityfocus.com/archive/1/487697/100/200/threaded http://www.securityfocus.com/bid/27654 https://exchange.xforce.ibmcloud.com/vulnerabilities/47677 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 22EXPL: 1CVE-2008-5692 – Ipswitch WS_FTP Server 6 - '/WSFTPSVR/FTPLogServer/LogViewer.asp' Authentication Bypass
https://notcve.org/view.php?id=CVE-2008-5692
Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name. Ipswitch WS_FTP Server Manager anterior a la version 6.1.1, y posiblemente otros productos de Ipswitch, permite a atacantes remotos eludir la autenticación y leer los logs a través de una acción logLogout a FTPLogServer/login.asp seguido por una solicitud de FTPLogServer/LogViewer.asp con el nombre de cuenta localhostnull. • https://www.exploit-db.com/exploits/31117 http://aluigi.altervista.org/adv/wsftpweblog-adv.txt http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12 http://secunia.com/advisories/28822 http://securityreason.com/securityalert/4799 http://www.securityfocus.com/archive/1/487686/100/200/threaded http://www.securityfocus.com/archive/1/487697/100/200/threaded http://www.securityfocus.com/bid/27654 http://www.vupen& • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2008-3795 – Ipswitch WS_FTP Home/Professional FTP Client - Remote Format String (PoC)
https://notcve.org/view.php?id=CVE-2008-3795
Buffer overflow in Ipswitch WS_FTP Home client allows remote FTP servers to have an unknown impact via a long "message response." Desbordamiento del búfer en Ipswitch WS_FTP Home client, permite a servidores FTP remotos tener un impacto desconocido mediante un largo "mensaje de respuesta". • https://www.exploit-db.com/exploits/6257 http://securityreason.com/securityalert/4173 http://www.securityfocus.com/bid/30728 https://exchange.xforce.ibmcloud.com/vulnerabilities/44744 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 11%CPEs: 2EXPL: 2CVE-2008-3734 – Ipswitch WS_FTP Home/Professional FTP Client - Remote Format String (PoC)
https://notcve.org/view.php?id=CVE-2008-3734
Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 allows remote FTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in a connection greeting (response). Vulnerabilidad de formato de cadena en Ipswitch WS_FTP Home 2007.0.0.2 y WS_FTP Professional 2007.1.0.0, permite a servidores FTP remotos provocar una denegación de servicio (caída de la aplicación) o puede que ejecutar código de su elección mediante especificadores de formato de cadena en un saludo de conexión (respuesta). • https://www.exploit-db.com/exploits/6257 http://secunia.com/advisories/31504 http://securityreason.com/securityalert/4173 http://www.securityfocus.com/bid/30720 http://www.securitytracker.com/id?1020713 http://www.securitytracker.com/id?1020714 https://exchange.xforce.ibmcloud.com/vulnerabilities/44512 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 5.0EPSS: 15%CPEs: 1EXPL: 3CVE-2008-0944 – Ipswitch Instant Messaging 2.0.8.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-0944
Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote attackers to cause a denial of service (NULL dereference and application crash) via a version field containing zero. Ipswitch Instant Messaging (IM) 2.0.8.1 y anteriores permite a atacantes remotos provocar una denegación de servicio (referencia nula y caída de aplicación) a través de un campo de versión cuyo valor es cero. • https://www.exploit-db.com/exploits/31122 http://aluigi.altervista.org/adv/ipsimene-adv.txt http://secunia.com/advisories/28824 http://securityreason.com/securityalert/3697 http://www.securityfocus.com/archive/1/487748/100/200/threaded http://www.securityfocus.com/bid/27677 • CWE-189: Numeric Errors •