📦

ws_ftp_server

Vendor: ipswitch

Login to add this product to WatchStack
Actively Exploited 1 CISA KEV List
PoC / Exploits 11 Code Available
Total RCEs 10 Remote Access
Total CVEs 14 Total Indexed
Avg. EPSS 15.19% Exploit Prob.
Latest CVE CVE-2024-7745 Aug 28

Security Vulnerability Index

Page 2 / 2
Critical Target
10.0 CVSS
CVE-2023-40044
RCE Exploit Found

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.

EPSS: 94.44%
6.1 CVSS
CVE-2022-27665

Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI.

EPSS: 1.10%
7.2 CVSS
CVE-2023-24029

In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows.

EPSS: 0.52%
9.1 CVSS
CVE-2019-12146

A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a flaw in the SCP listener by crafting strings using specific patterns to write files and create directories outside of their authorized directory.

EPSS: 0.01%
7.5 CVSS
CVE-2019-12145

A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose path names on the host operating system.

EPSS: 0.01%
9.8 CVSS
CVE-2019-12144
RCE

An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a path traversal vulnerability using the SCP protocol. Attackers who leverage this flaw could also obtain remote code execution by crafting a payload that abuses the SITE command feature.

EPSS: 0.25%
5.3 CVSS
CVE-2019-12143

A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose WS_FTP usernames as well as filenames.

EPSS: 0.01%
9.0 CVSS
CVE-2008-0590
RCE Exploit Found

Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long opendir command.

EPSS: 4.51%
6.8 CVSS
CVE-2007-0666
RCE

Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute arbitrary code on the system via a long input string to the (1) iFTPAddU or (2) iFTPAddH file, or to a (3) edition module.

EPSS: 0.27%
5.0 CVSS
CVE-2006-5001

Unspecified vulnerability in the log analyzer in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, prevents certain sensitive information from being displayed in the (1) Files and (2) Summary tabs. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue.

EPSS: 19.62%