Shodan
Vulnerabilities
Vulnerable Software
Progress:  >> Ws Ftp Server  >> 5.0.2  Security Vulnerabilities
CVE-2023-40045
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a reflected cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Ad Hoc Transfer module.  An attacker could leverage this vulnerability to target WS_FTP Server users with a specialized payload which results in the execution of malicious JavaScript within the context of the victims browser.
CVSS Score
8.3
EPSS Score
0.0
Published
2023-09-27
CVE-2023-24029
In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows.
CVSS Score
7.2
EPSS Score
0.002
Published
2023-02-03
CVE-2019-12143
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose WS_FTP usernames as well as filenames.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-06-11
CVE-2006-5000
Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and remote authenticated attack vectors via the (1) XCRC, (2) XMD5, and (3) XSHA1 commands. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue.
CVSS Score
6.5
EPSS Score
0.341
Published
2006-09-26
CVE-2006-5001
Unspecified vulnerability in the log analyzer in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, prevents certain sensitive information from being displayed in the (1) Files and (2) Summary tabs. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue.
CVSS Score
5.0
EPSS Score
0.213
Published
2006-09-26
CVE-2006-4847
Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands.
CVSS Score
6.5
EPSS Score
0.892
Published
2006-09-19
CVE-2004-1643
WS_FTP 5.0.2 allows remote authenticated users to cause a denial of service (CPU consumption) via a CD command that contains an invalid path with a "../" sequence.
CVSS Score
5.0
EPSS Score
0.095
Published
2004-08-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved