
CVE-2013-4742 – Surge FTP 23c8 Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-4742
23 Jul 2013 — Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request. Surge FTP server versions 23c8 and below suffer from a buffer overflow v... • http://archives.neohapsis.com/archives/bugtraq/2013-07/0149.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2007-3768
https://notcve.org/view.php?id=CVE-2007-3768
15 Jul 2007 — The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command. • http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0030.txt •

CVE-2007-3769
https://notcve.org/view.php?id=CVE-2007-3769
15 Jul 2007 — Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. NOTE: this can be leveraged for root access via a sequence of steps involving web script that creates a new FTP user account. • http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0031.txt •

CVE-2004-2318
https://notcve.org/view.php?id=CVE-2004-2318
31 Dec 2004 — The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in the CMD parameter. • http://members.lycos.co.uk/r34ct/main/surge_FTP/surge-ftp.txt •

CVE-2001-0698
https://notcve.org/view.php?id=CVE-2001-0698
20 Sep 2001 — Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to list arbitrary files and directories via the 'nlist ...' command. • http://www.netwinsite.com/surgeftp/manual/updates.htm •

CVE-2001-0696
https://notcve.org/view.php?id=CVE-2001-0696
20 Sep 2001 — NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS device name such as con. • http://netwinsite.com/surgeftp/manual/updates.htm •

CVE-2001-1356
https://notcve.org/view.php?id=CVE-2001-1356
04 Aug 2001 — NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021. • http://online.securityfocus.com/archive/1/201951 •

CVE-2001-1354 – NetWin DMail 2.x / SurgeFTP 1.0/2.0 - Weak Password Encryption
https://notcve.org/view.php?id=CVE-2001-1354
20 Jul 2001 — NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password. • https://www.exploit-db.com/exploits/21020 •

CVE-2001-1355
https://notcve.org/view.php?id=CVE-2001-1355
20 Jul 2001 — Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command. • http://online.securityfocus.com/archive/1/198293 •