Every CVE whose affected-product data names Netwin Surgeftp, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2001-1356 — CVSS 10.0 (critical): NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote…
CVE-2001-1355 — CVSS 10.0 (critical): Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages…
CVE-2007-3768 — CVSS 8.5 (high): The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed…
CVE-2013-4742 — CVSS 7.5 (high): Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary…
CVE-2008-1052 — CVSS 6.4 (medium): The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash)…
CVE-2017-17933 — CVSS 6.1 (medium): cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid…
CVE-2007-3769 — CVSS 5.8 (medium): Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP…
CVE-2005-1034 — CVSS 5.0 (medium): SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command.
CVE-2001-0697 — CVSS 5.0 (medium): NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a denial of service (crash) via an 'ls ..' command.
CVE-2001-0698 — CVSS 5.0 (medium): Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to list arbitrary files and directories via the…
CVE-2001-0696 — CVSS 5.0 (medium): NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS…
CVE-2001-1354 — CVSS 4.6 (medium): NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password…
CVE-2010-1068 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary…