CVE-2023-42657 — CVSS 9.9 (critical): In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this…
CVE-2023-42659 — CVSS 9.1 (critical): In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer…
CVE-2008-0590 — CVSS 9.0 (critical): Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows remote authenticated users to cause a denial of service (crash) and…
CVE-2023-40047 — CVSS 8.3 (high): In WS_FTP Server version prior to 8.8.2, a stored cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Management module. An…
CVE-2023-40045 — CVSS 8.3 (high): In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a reflected cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Ad Hoc…
CVE-2023-40046 — CVSS 8.2 (high): In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager interface. An…
CVE-2024-1474 — CVSS 7.5 (high): In WS_FTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user supplied inputs on the…
CVE-2002-0826 — CVSS 7.5 (high): Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated users to execute arbitrary code via a long SITE CPWD command.
CVE-2004-1884 — CVSS 7.5 (high): Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access.
CVE-2001-1021 — CVSS 7.5 (high): Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLST, (4)…
CVE-2003-0772 — CVSS 7.5 (high): Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated users to cause a denial of service and possibly execute arbitrary…
CVE-2004-1883 — CVSS 7.2 (high): Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow remote authenticated users to execute arbitrary code by causing a large…
CVE-2023-24029 — CVSS 7.2 (high): In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface…
CVE-2004-1885 — CVSS 7.2 (high): Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify…
CVE-2023-40048 — CVSS 6.8 (medium): In WS_FTP Server version prior to 8.8.2, the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a…
CVE-2006-5000 — CVSS 6.5 (medium): Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and remote…
CVE-2006-4847 — CVSS 6.5 (medium): Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via…
CVE-2024-7744 — CVSS 6.5 (medium): In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')…
CVE-2024-7745 — CVSS 6.5 (medium): In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows…
CVE-2022-27665 — CVSS 6.1 (medium): Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of…
CVE-2019-12143 — CVSS 5.3 (medium): A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply…
CVE-2023-40049 — CVSS 5.3 (medium): In WS_FTP Server version prior to 8.8.2, an unauthenticated user could enumerate files under the 'WebServiceHost' directory listing.
CVE-2006-5001 — CVSS 5.0 (medium): Unspecified vulnerability in the log analyzer in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, prevents…
CVE-2004-1848 — CVSS 5.0 (medium): Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial of service (disk consumption) and bypass file size restrictions via…
CVE-2004-1643 — CVSS 5.0 (medium): WS_FTP 5.0.2 allows remote authenticated users to cause a denial of service (CPU consumption) via a CD command that contains an invalid…
CVE-1999-1170 — CVSS 4.6 (medium): IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920.
CVE-1999-1171 — CVSS 4.6 (medium): IPswitch WS_FTP allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to…