CVE-2017-16513 – Ipswitch WS_FTP Professional < 12.6.0.3 - Local Buffer Overflow (SEH)
https://notcve.org/view.php?id=CVE-2017-16513
Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in the local search field and the backup locations field, aka WSCLT-1729. Ipswitch WS_FTP Professional en versiones anteriores a la 12.6.0.3 incluye desbordamientos de búfer en el campo de búsqueda local y el campo de localizaciones de copias de seguridad. Esto también se conoce como WSCLT-1729. • https://www.exploit-db.com/exploits/43115 https://docs.ipswitch.com/WS_FTP126/ReleaseNotes/English/index.htm https://www.7elements.co.uk/resources/technical-advisories/ipswitch-ws_ftp-professional-local-buffer-overflow-seh-overwrite • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-5693
https://notcve.org/view.php?id=CVE-2008-5693
Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character. Ipswitch WS_FTP Server Manager 6.1.0.0 y anteriores, y posiblemente otros productos de Ipswitch, podría permitir a atacantes remotos leer el contenido de ficheros ASP en WSFTPSVR/ a través de una solicitud con un carácter punto al final. • http://aluigi.altervista.org/adv/wsftpweblog-adv.txt http://securityreason.com/securityalert/4799 http://www.securityfocus.com/archive/1/487686/100/200/threaded http://www.securityfocus.com/archive/1/487697/100/200/threaded http://www.securityfocus.com/bid/27654 https://exchange.xforce.ibmcloud.com/vulnerabilities/47677 • CWE-20: Improper Input Validation •
CVE-2008-5692 – Ipswitch WS_FTP Server 6 - '/WSFTPSVR/FTPLogServer/LogViewer.asp' Authentication Bypass
https://notcve.org/view.php?id=CVE-2008-5692
Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name. Ipswitch WS_FTP Server Manager anterior a la version 6.1.1, y posiblemente otros productos de Ipswitch, permite a atacantes remotos eludir la autenticación y leer los logs a través de una acción logLogout a FTPLogServer/login.asp seguido por una solicitud de FTPLogServer/LogViewer.asp con el nombre de cuenta localhostnull. • https://www.exploit-db.com/exploits/31117 http://aluigi.altervista.org/adv/wsftpweblog-adv.txt http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12 http://secunia.com/advisories/28822 http://securityreason.com/securityalert/4799 http://www.securityfocus.com/archive/1/487686/100/200/threaded http://www.securityfocus.com/archive/1/487697/100/200/threaded http://www.securityfocus.com/bid/27654 http://www.vupen& • CWE-287: Improper Authentication •
CVE-2006-5001
https://notcve.org/view.php?id=CVE-2006-5001
Unspecified vulnerability in the log analyzer in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, prevents certain sensitive information from being displayed in the (1) Files and (2) Summary tabs. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue. Vulnerabilidad no especificada en el analizador de log en WS_FTP Server 5.05 anterior a Hotfix 1, y posiblemente versiones anteriores a la 5.0, previene que cierta información sensible sea mostrada en las pestañas (1) Files y (2) Summary. NOTA: en la publicación anterior de este identificador en 26/09/2006, la descripción fue usada para el asunto equivocado. • http://www.ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp •
CVE-2006-5000 – Ipswitch WS_FTP Server Checksum Command Parsing Buffer Overflow Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-5000
Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and remote authenticated attack vectors via the (1) XCRC, (2) XMD5, and (3) XSHA1 commands. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue. Múltiples desbordamientos de búfer en WS_FTP Server 5.05 anterior a Hotfix 1, y posiblemente otras versiones anteriores a la 5.0, tienen impacto y vectores de ataque remotos autenticados desconocidos mediante los comandos (1) XCRC, (2) XMD5, y (3) XSHA1. NOTA: en la publicación anterior de este identificador en 26/09/2006, la descripción fue usada por el asunto equivocado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ipswitch WS_FTP Server. • http://securitytracker.com/id?1016935 http://www.ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp http://www.securityfocus.com/archive/1/447077/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-06-029.html https://exchange.xforce.ibmcloud.com/vulnerabilities/41829 •