ftp_voyager

Vendor: rhinosoft

Actively Exploited (CISA KEV List): 0
PoC / Exploits (Code Available): 2
Total RCEs (Remote Access): 1
Total CVEs (Total Indexed): 4
Avg. EPSS (Exploit Prob.): 1.30%
Latest CVE: CVE-2018-25252 (Apr 04)

Security Vulnerability Index

6.9 CVSS

FTP Voyager 16.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by injecting oversized buffer data into the site profile IP field. Attackers can create a malicious site profile containing 500 bytes of repeated characters and paste it into the IP field to trigger a buffer overflow that crashes the FTP Voyager process.

EPSS: 0.04%

8.8 CVSS
CVE-2017-6803
Exploit Found

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication of users for requests that (1) change the admin password, (2) terminate the scheduler, or (3) possibly execute arbitrary commands via crafted requests to Admin/XML/Result.xml.

EPSS: 0.18%

9.3 CVSS

Directory traversal vulnerability in Rhino Software, Inc. FTP Voyager 15.2.0.11, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.

EPSS: 0.29%

7.8 CVSS
CVE-2007-1079
Exploit Found

Stack-based buffer overflow in Rhino Software, Inc. FTP Voyager 14.0.0.3 and earlier allows remote servers to cause a denial of service (crash) via a long response to a CWD command, which triggers the overflow when the user aborts the command.

EPSS: 5.50%

7.5 CVSS

FTP Voyager ActiveX control before 8.0, when it is marked as safe for scripting (the default) or if allowed by the IObjectSafety interface, allows remote attackers to execute arbitrary commands.

EPSS: 0.50%