Provideserver Provide Ftp Server — known CVE vulnerabilities
Every CVE whose affected-product data names Provideserver Provide Ftp Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2020-11708 — CVSS 9.8 (critical): An issue was discovered in ProVide (formerly zFTPServer) through 13.1. Privilege escalation can occur via the /ajax/SetUserInfo messages…
CVE-2020-11705 — CVSS 9.8 (critical): An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/ImportCertificate allows an attacker to load an arbitrary…
CVE-2020-11701 — CVSS 8.8 (high): An issue was discovered in ProVide (formerly zFTPServer) through 13.1. CSRF exists in the User Web Interface, as demonstrated by granting…
CVE-2020-11706 — CVSS 8.8 (high): An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Interface allows CSRF for actions such as: Change any…
CVE-2020-11707 — CVSS 8.8 (high): An issue was discovered in ProVide (formerly zFTPServer) through 13.1. It doesn't enforce permission over Windows Symlinks or Junctions. As…
CVE-2020-11703 — CVSS 7.5 (high): An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/GetInheritedProperties allows HTTP Response Splitting via the…
CVE-2020-11704 — CVSS 6.1 (medium): An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Web Interface has Multiple Stored and Reflected XSS…
CVE-2020-11702 — CVSS 6.1 (medium): An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The User Web Interface has Multiple Stored and Reflected XSS issues…