
CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 2

28 Dec 2017 — cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter. NetWin SurgeFTP version 23f2 suffers from multiple persistent cross-site scripting vulnerabilities. • https://packetstorm.news/files/id/145572 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8 | EPSS: 4% | CPEs: 16 | EXPL: 0

23 Jul 2013 — Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request. Surge FTP server versions 23c8 and below suffer from a buffer overflow v... • http://archives.neohapsis.com/archives/bugtraq/2013-07/0149.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 2

23 Mar 2010 — Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in a class action. • http://packetstormsecurity.org/1001-exploits/surgeftp-xss.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5 | EPSS: 8% | CPEs: 1 | EXPL: 1

27 Feb 2008 — The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails. • https://www.exploit-db.com/exploits/31302 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.5 | EPSS: 1% | CPEs: 1 | EXPL: 0

15 Jul 2007 — The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command. • http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0030.txt •

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

15 Jul 2007 — Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. NOTE: this can be leveraged for root access via a sequence of steps involving web script that creates a new FTP user account. • http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0031.txt •

CVSS: 7.5 | EPSS: 1% | CPEs: 2 | EXPL: 0

09 Apr 2005 — SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command. • http://marc.info/?l=bugtraq&m=111289226204780&w=2 •

CVSS: 7.5 | EPSS: 1% | CPEs: 11 | EXPL: 2

31 Dec 2004 — The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in the CMD parameter. • http://members.lycos.co.uk/r34ct/main/surge_FTP/surge-ftp.txt •

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 2

20 Sep 2001 — Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to list arbitrary files and directories via the 'nlist ...' command. • http://www.netwinsite.com/surgeftp/manual/updates.htm •

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 2

20 Sep 2001 — NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS device name such as con. • http://netwinsite.com/surgeftp/manual/updates.htm •