
CVSS: 7.5 | EPSS: 11% | CPEs: 16 | EXPL: 0

Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request.

References:
http://archives.neohapsis.com/archives/bugtraq/2013-07/0149.html
http://osvdb.org/95582
http://secunia.com/advisories/54188
http://www.securityfocus.com/bid/61403
https://exchange.xforce.ibmcloud.com/vulnerabilities/85922

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 8.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command.

References:
http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0030.txt
http://marc.info/?l=full-disclosure&m=118409539009277&w=2
http://osvdb.org/37909
http://secunia.com/advisories/26061
http://securityreason.com/securityalert/2883
http://www.vupen.com/english/advisories/2007/2528
https://exchange.xforce.ibmcloud.com/vulnerabilities/35376

CVSS: 5.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. NOTE: this can be leveraged for root access via a sequence of steps involving web script that creates a new FTP user account.

References:
http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0031.txt
http://marc.info/?l=full-disclosure&m=118409539009277&w=2
http://osvdb.org/37911
http://secunia.com/advisories/26061
http://www.vupen.com/english/advisories/2007/2528
https://exchange.xforce.ibmcloud.com/vulnerabilities/35378

CVSS: 5.0 | EPSS: 1% | CPEs: 2 | EXPL: 0

SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command.

References:
http://marc.info/?l=bugtraq&m=111289226204780&w=2
http://secunia.com/advisories/14888
http://securitytracker.com/id?1013664
http://www.security.org.sg/vuln/surgeftp22m1.html
http://www.securityfocus.com/bid/13054
https://exchange.xforce.ibmcloud.com/vulnerabilities/20011

CVSS: 5.0 | EPSS: 1% | CPEs: 11 | EXPL: 2

The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in the CMD parameter.

References:
http://members.lycos.co.uk/r34ct/main/surge_FTP/surge-ftp.txt
http://securitytracker.com/id?1008898
http://www.osvdb.org/3788
http://www.secunia.com/advisories/10758
http://www.securityfocus.com/bid/9554
https://exchange.xforce.ibmcloud.com/vulnerabilities/15001