📦

ws_ftp_pro

Vendor: ipswitch

Actively Exploited 0 CISA KEV List

PoC / Exploits 1 Code Available

Total RCEs 4 Remote Access

Total CVEs 7 Total Indexed

Avg. EPSS 13.91% Exploit Prob.

Latest CVE CVE-2008-3734 Aug 20

Security Vulnerability Index

Page 1 / 1

9.3 CVSS

CVE-2008-3734

RCE Exploit Found

Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 allows remote FTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in a connection greeting (response).

EPSS: 69.43%

Severity: HIGH

Aug 20, 2008

6.8 CVSS

CVE-2007-0665

RCE

Format string vulnerability in the SCP module in Ipswitch WS_FTP 2007 Professional might allow remote attackers to execute arbitrary commands via format string specifiers in the filename, related to the SHELL WS_FTP script command.

EPSS: 0.39%

Severity: MEDIUM

Feb 02, 2007

7.5 CVSS

CVE-2007-0330

RCE

Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch WS_FTP 2007 Professional allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long ftp:// URL in an HTML document, and possibly other vectors.

EPSS: 0.83%

Severity: HIGH

Jan 18, 2007

7.5 CVSS

CVE-2004-1884

Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access.

EPSS: 1.12%

Severity: HIGH

Mar 23, 2004

7.5 CVSS

CVE-2002-1851

RCE

Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute code on a client system via unknown attack vectors.

EPSS: 10.67%

Severity: HIGH

Dec 31, 2002

7.5 CVSS

CVE-1999-1078

WS_FTP Pro 6.0 uses weak encryption for passwords in its initialization files, which allows remote attackers to easily decrypt the passwords and gain privileges.

EPSS: 1.01%

Severity: HIGH

Jul 29, 1999

Displaying 6 of 7 Total Entries

Total 1 Sections