Ipswitch: >> Ws Ftp Pro Security Vulnerabilities
Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 allows remote FTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in a connection greeting (response).
CVSS Score
9.3
EPSS Score
0.689
Published
2008-08-20
Format string vulnerability in the SCP module in Ipswitch WS_FTP 2007 Professional might allow remote attackers to execute arbitrary commands via format string specifiers in the filename, related to the SHELL WS_FTP script command.
CVSS Score
6.8
EPSS Score
0.002
Published
2007-02-02
Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch WS_FTP 2007 Professional allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long ftp:// URL in an HTML document, and possibly other vectors.
CVSS Score
7.5
EPSS Score
0.005
Published
2007-01-18
Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access.
CVSS Score
7.5
EPSS Score
0.003
Published
2004-03-23
Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute code on a client system via unknown attack vectors.
CVSS Score
7.5
EPSS Score
0.013
Published
2002-12-31
WS_FTP Pro 6.0 uses weak encryption for passwords in its initialization files, which allows remote attackers to easily decrypt the passwords and gain privileges.
CVSS Score
7.5
EPSS Score
0.01
Published
1999-07-29