CVSS: 9.8EPSS: 68%CPEs: 2EXPL: 2CVE-2008-3734 – Ipswitch WS_FTP Home/Professional FTP Client - Remote Format String (PoC)
https://notcve.org/view.php?id=CVE-2008-3734
20 Aug 2008 — Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 allows remote FTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in a connection greeting (response). Vulnerabilidad de formato de cadena en Ipswitch WS_FTP Home 2007.0.0.2 y WS_FTP Professional 2007.1.0.0, permite a servidores FTP remotos provocar una denegación de servicio (caída de la aplicación) o puede que ejecutar código de su elecc... • https://www.exploit-db.com/exploits/6257 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-0665
https://notcve.org/view.php?id=CVE-2007-0665
02 Feb 2007 — Format string vulnerability in the SCP module in Ipswitch WS_FTP 2007 Professional might allow remote attackers to execute arbitrary commands via format string specifiers in the filename, related to the SHELL WS_FTP script command. Vulnerabilidad de formato de cadena en el módulo SCP en Ipswitch WS_FTP 2007 Professional podría permitir a atacantes remotos ejecutar comandos de su elección a través de las especificaciones de formato de cadena en el nombre de ficheroo, relacionado con la secuencia de comandos ... • http://osvdb.org/33602 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-0330
https://notcve.org/view.php?id=CVE-2007-0330
18 Jan 2007 — Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch WS_FTP 2007 Professional allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long ftp:// URL in an HTML document, and possibly other vectors. Desbordamiento de búfer en wsbho2k0.dll, como ha sido utilizado en wsftpurl.exe, en Ipswitch WS_FTP 2007 Professional permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) y posiblemente ejecutar código... • http://osvdb.org/33476 •
CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 2CVE-2004-1884
https://notcve.org/view.php?id=CVE-2004-1884
23 Mar 2004 — Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access. • http://marc.info/?l=bugtraq&m=108006581418116&w=2 •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2002-1851
https://notcve.org/view.php?id=CVE-2002-1851
31 Dec 2002 — Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute code on a client system via unknown attack vectors. • http://www.iss.net/security_center/static/10185.php •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-1999-1078
https://notcve.org/view.php?id=CVE-1999-1078
29 Jul 1999 — WS_FTP Pro 6.0 uses weak encryption for passwords in its initialization files, which allows remote attackers to easily decrypt the passwords and gain privileges. • http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9907&L=ntbugtraq&D=0&P=10370&F=P •