CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2023-45690 – Information leak via default file permissions on Titan MFT and Titan SFTP servers
https://notcve.org/view.php?id=CVE-2023-45690
16 Oct 2023 — Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allows a user that's authentication to the OS to read sensitive files on the filesystem Los permisos de archivos predeterminados en los servidores Titan MFT y Titan SFTP de South River Technologies en Linux permiten que un usuario que se autentica en el sistema operativo lea archivos confidenciales en el sistema de archivos. • https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690 • CWE-276: Incorrect Default Permissions •
CVSS: 6.4EPSS: 1%CPEs: 1EXPL: 1CVE-2022-44215
https://notcve.org/view.php?id=CVE-2022-44215
22 Aug 2023 — There is an open redirect vulnerability in Titan FTP server 19.0 and below. Users are redirected to any target URL. Hay una vulnerabilidad de redirección abierta en las versiones 19.0 e inferiores del servidor Titan FTP. Los usuarios son redirigidos a cualquier URL de destino. • https://github.com/JBalanza/CVE-2022-44215 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27744
https://notcve.org/view.php?id=CVE-2023-27744
02 Jun 2023 — An issue was discovered in South River Technologies TitanFTP NextGen server that allows for a vertical privilege escalation leading to remote code execution. • https://www.southrivertech.com/software/nextgen/titanftp/en/relnotes.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27745
https://notcve.org/view.php?id=CVE-2023-27745
02 Jun 2023 — An issue in South River Technologies TitanFTP Before v2.0.1.2102 allows attackers with low-level privileges to perform Administrative actions by sending requests to the user server. • https://www.southrivertech.com/software/nextgen/titanftp/en/relnotes.pdf • CWE-346: Origin Validation Error •
CVSS: 9.0EPSS: 13%CPEs: 1EXPL: 3CVE-2023-22629 – TitanFTP 2.0.1.2102 - Path traversal to Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2023-22629
14 Feb 2023 — An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem. Titan FTP server versions prior to 2.0.1.2102 suffer from a path traversal vulnerability. • https://packetstorm.news/files/id/171737 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2022-34005
https://notcve.org/view.php?id=CVE-2022-34005
19 Jun 2022 — An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance installed by default during TitanFTP NextGen installation, aka NX-I674 (sub-issue 1). NOTE: as of 2022-06-21, the 1.2.1050 release corrects this vulnerability in a new installation, but not in an upgrade installation. Se descubrió un problema en TitanFTP (también conocido como Titan FTP) NextGen antes de 1.2.1050... • https://www.southrivertech.com/software/nextgen/titanftp/en/relnotes.pdf • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34006
https://notcve.org/view.php?id=CVE-2022-34006
19 Jun 2022 — An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. When installing, Microsoft SQL Express 2019 installs by default with an SQL instance running as SYSTEM with BUILTIN\Users as sysadmin, thus enabling unprivileged Windows users to execute commands locally as NT AUTHORITY\SYSTEM, aka NX-I674 (sub-issue 2). NOTE: as of 2022-06-21, the 1.2.1050 release corrects this vulnerability in a new installation, but not in an upgrade installation. Se descubrió un problema en TitanFTP (también co... • https://www.southrivertech.com/software/nextgen/titanftp/en/relnotes.pdf • CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 6%CPEs: 1EXPL: 3CVE-2019-10009 – Titan FTP Server Version 2019 Build 3505 - Directory Traversal / Local File Inclusion
https://notcve.org/view.php?id=CVE-2019-10009
27 Mar 2019 — A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \..\..\ technique, arbitrary files can be loaded in the server response outside the root directory. Se descubrió un problema de Recorrido de directorios en la GUI web en el servidor FTP 2019 Build 3505 de Titan. Cuando un usuario identificado intenta obtener una vista previa de un archivo cargado (a través de P... • https://packetstorm.news/files/id/152244 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 10%CPEs: 4EXPL: 3CVE-2014-1841 – Titan FTP Server 10.32 Build 1816 - Directory Traversal
https://notcve.org/view.php?id=CVE-2014-1841
11 Feb 2014 — Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter. Vulnerabilidad de salto de directorio en la interfaz web en Titan FTP Server anterior a 10.40 build 1829 permite a atacantes remotos copiar una carpeta home de usuario arbitraria a través de una acción Move con un .. (punto punto) en el parámetro src. Titan FTP server version 10.32 Build ... • https://packetstorm.news/files/id/125150 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 16%CPEs: 4EXPL: 3CVE-2014-1842 – Titan FTP Server 10.32 Build 1816 - Directory Traversal
https://notcve.org/view.php?id=CVE-2014-1842
11 Feb 2014 — Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value. Vulnerabilidad de salto de directorio en la interfaz web en Titan FTP Server anterior a 10.40 build 1829 permite a atacantes remotos listar todos los nombres de usuarios a través de una acción Go con un .. (punto punto) en el valor de barra de búsqueda. Titan FTP server version 10.32 Build 1816 suffers fr... • https://packetstorm.news/files/id/125150 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •