Netwin: >> Surgeftp >> 1.1h Security Vulnerabilities
Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request.
CVSS Score
7.5
EPSS Score
0.042
Published
2013-08-09
The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command.
CVSS Score
8.5
EPSS Score
0.01
Published
2007-07-15
Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. NOTE: this can be leveraged for root access via a sequence of steps involving web script that creates a new FTP user account.
CVSS Score
5.8
EPSS Score
0.007
Published
2007-07-15
NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a denial of service (crash) via an 'ls ..' command.
CVSS Score
5.0
EPSS Score
0.062
Published
2001-09-20