
CVSS: 9.8 • EPSS: 4% • CPEs: 16 • EXPL: 0

23 Jul 2013 — Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request. Surge FTP server versions 23c8 and below suffer from a buffer overflow v... • http://archives.neohapsis.com/archives/bugtraq/2013-07/0149.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.5 • EPSS: 1% • CPEs: 1 • EXPL: 0

15 Jul 2007 — The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command. • http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0030.txt •

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Jul 2007 — Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. NOTE: this can be leveraged for root access via a sequence of steps involving web script that creates a new FTP user account. • http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0031.txt •

CVSS: 7.5 • EPSS: 1% • CPEs: 2 • EXPL: 0

09 Apr 2005 — SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command. • http://marc.info/?l=bugtraq&m=111289226204780&w=2 •

CVSS: 7.5 • EPSS: 1% • CPEs: 11 • EXPL: 2

31 Dec 2004 — The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in the CMD parameter. • http://members.lycos.co.uk/r34ct/main/surge_FTP/surge-ftp.txt •