CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1190 – Global Scape CuteFTP denial of service
https://notcve.org/view.php?id=CVE-2024-1190
A vulnerability was found in Global Scape CuteFTP 9.3.0.3 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument Host/Username/Password leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. • https://fitoxs.com/vuldb/16-exploit-perl.txt https://vuldb.com/?ctiid.252680 https://vuldb.com/?id.252680 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2991 – Fortra Globalscape Administration Server Information Disclosure
https://notcve.org/view.php?id=CVE-2023-2991
Fortra Globalscape EFT's administration server suffers from an information disclosure vulnerability where the serial number of the harddrive that Globalscape is installed on can be remotely determined via a "trial extension request" message • https://kb.globalscape.com/Knowledgebase/11589/Is-EFT-susceptible-to-the-Remotely-obtain-HDD-serial-number-vulnerability https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2990 – Fortra Globalscape Administration Server Denial of Service
https://notcve.org/view.php?id=CVE-2023-2990
Fortra Globalscape EFT versions before 8.1.0.16 suffer from a denial of service vulnerability, where a compressed message that decompresses to itself can cause infinite recursion and crash the service • https://kb.globalscape.com/Knowledgebase/11588/Is-EFT-susceptible-to-the-Denial-of-service-via-recursive-Deflate-Stream-vulnerability https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed • CWE-400: Uncontrolled Resource Consumption CWE-674: Uncontrolled Recursion •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2989 – Fortra Globalscape Administration Server Out of Bounds Memory Read
https://notcve.org/view.php?id=CVE-2023-2989
Fortra Globalscape EFT versions before 8.1.0.16 suffer from an out of bounds memory read in their administration server, which can allow an attacker to crash the service or bypass authentication if successfully exploited • https://kb.globalscape.com/Knowledgebase/11586/Is-EFT-susceptible-to-the-Authentication-Bypass-via-Outofbounds-Memory-Read-vulnerability https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed • CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 1%CPEs: 6EXPL: 1CVE-2009-3483
https://notcve.org/view.php?id=CVE-2009-3483
Heap-based buffer overflow in the Create New Site feature in GlobalSCAPE CuteFTP Professional, Home, and Lite 8.3.3 and 8.3.3.0054 allows user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a site list containing an entry with a long label. Desbordamiento de búfer basado en memoria dinámica -heap- en Create New Site feature en GlobalSCAPE CuteFTP Professional, Home, y Lite v8.3.3 y v8.3.3.0054 permite a atacantes remotos asistidos por el usuario causar una denegación de servicio (caída de memoria) o probablemente ejecutar código de su elección a a través de un sitio list contenido en una entrada con una etiqueta larga. • http://secunia.com/advisories/36874 http://www.osvdb.org/58387 http://www.packetstormsecurity.org/0909-exploits/Dr_IDE-CuteFTP_FTP_8.3.3-PoC.py.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/53487 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •