Vulnerabilites related to southrivertech - titan_ftp_server
CVE-2010-2426 (GCVE-0-2010-2426)
Vulnerability from cvelistv5
Published
2010-06-23 17:13
Modified
2024-08-07 02:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read arbitrary files, determine file size, via "..//" sequences in the xcrc command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/65533 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/40237 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/511839/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/40949 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/59492 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:32:16.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "65533",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/65533"
},
{
"name": "40237",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40237"
},
{
"name": "20100615 TitanFTP Server Arbitrary File Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511839/100/0/threaded"
},
{
"name": "40949",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40949"
},
{
"name": "tfs-xcrc-dir-traversal(59492)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59492"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read arbitrary files, determine file size, via \"..//\" sequences in the xcrc command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "65533",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/65533"
},
{
"name": "40237",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40237"
},
{
"name": "20100615 TitanFTP Server Arbitrary File Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511839/100/0/threaded"
},
{
"name": "40949",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40949"
},
{
"name": "tfs-xcrc-dir-traversal(59492)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59492"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read arbitrary files, determine file size, via \"..//\" sequences in the xcrc command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "65533",
"refsource": "OSVDB",
"url": "http://osvdb.org/65533"
},
{
"name": "40237",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40237"
},
{
"name": "20100615 TitanFTP Server Arbitrary File Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511839/100/0/threaded"
},
{
"name": "40949",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40949"
},
{
"name": "tfs-xcrc-dir-traversal(59492)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59492"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2426",
"datePublished": "2010-06-23T17:13:00",
"dateReserved": "2010-06-22T00:00:00",
"dateUpdated": "2024-08-07T02:32:16.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45690 (GCVE-0-2023-45690)
Vulnerability from cvelistv5
Published
2023-10-16 16:20
Modified
2024-09-16 17:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-276 - Incorrect Default Permissions
Summary
Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allows a user that's authentication to the OS to read sensitive files on the filesystem
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | South River Technologies | Titan MFT |
Version: 0 ≤ 2.0.17.2298 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:29:32.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/"
},
{
"tags": [
"x_transferred"
],
"url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45690",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T17:41:48.328097Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T17:41:56.320Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Titan MFT",
"vendor": "South River Technologies",
"versions": [
{
"lessThanOrEqual": "2.0.17.2298",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Titan SFTP",
"vendor": "South River Technologies",
"versions": [
{
"lessThanOrEqual": "2.0.17.2298",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-10-16T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Default file permissions on South River Technologies\u0027 Titan MFT and Titan SFTP servers on Linux allows a user that\u0027s authentication to the OS to read sensitive files on the filesystem"
}
],
"value": "Default file permissions on South River Technologies\u0027 Titan MFT and Titan SFTP servers on Linux allows a user that\u0027s authentication to the OS to read sensitive files on the filesystem"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T16:20:52.656Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/"
},
{
"url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information leak via default file permissions on Titan MFT and Titan SFTP servers",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2023-45690",
"datePublished": "2023-10-16T16:20:52.656Z",
"dateReserved": "2023-10-10T19:07:28.771Z",
"dateUpdated": "2024-09-16T17:41:56.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1843 (GCVE-0-2014-1843)
Vulnerability from cvelistv5
Published
2014-04-29 10:00
Modified
2024-08-06 09:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/103197 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/65469 | vdb-entry, x_refsource_BID | |
| http://www.exploit-db.com/exploits/31579 | exploit, x_refsource_EXPLOIT-DB | |
| http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:15.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103197",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/103197"
},
{
"name": "65469",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65469"
},
{
"name": "31579",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/31579"
},
{
"name": "20140210 Titan FTP Server Directory Traversal Vulnerabilities - [CVE-2014-1841 / CVE-2014-1842 / CVE-2014-1843]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-15T16:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "103197",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/103197"
},
{
"name": "65469",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65469"
},
{
"name": "31579",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/31579"
},
{
"name": "20140210 Titan FTP Server Directory Traversal Vulnerabilities - [CVE-2014-1841 / CVE-2014-1842 / CVE-2014-1843]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103197",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/103197"
},
{
"name": "65469",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65469"
},
{
"name": "31579",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/31579"
},
{
"name": "20140210 Titan FTP Server Directory Traversal Vulnerabilities - [CVE-2014-1841 / CVE-2014-1842 / CVE-2014-1843]",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1843",
"datePublished": "2014-04-29T10:00:00",
"dateReserved": "2014-02-02T00:00:00",
"dateUpdated": "2024-08-06T09:58:15.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10009 (GCVE-0-2019-10009)
Vulnerability from cvelistv5
Published
2019-06-03 20:53
Modified
2024-08-04 22:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \..\..\ technique, arbitrary files can be loaded in the server response outside the root directory.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2019/Mar/47 | mailing-list, x_refsource_FULLDISC | |
| https://www.exploit-db.com/exploits/46611/ | exploit, x_refsource_EXPLOIT-DB | |
| http://packetstormsecurity.com/files/152244/Titan-FTP-Server-2019-Build-3505-Directory-Traversal.html | x_refsource_MISC | |
| https://seclists.org/fulldisclosure/2019/Mar/47 | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/46611 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.southrivertech.com/software/regsoft/titanftp/v19/verhist_en.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:08.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190326 CVE-2019-10009 Titan FTP Server Version 2019 Build 3505 Directory Traversal/Local File Inclusion",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Mar/47"
},
{
"name": "46611",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46611/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152244/Titan-FTP-Server-2019-Build-3505-Directory-Traversal.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2019/Mar/47"
},
{
"name": "46611",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46611"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.southrivertech.com/software/regsoft/titanftp/v19/verhist_en.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \\..\\..\\ technique, arbitrary files can be loaded in the server response outside the root directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-06T19:27:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20190326 CVE-2019-10009 Titan FTP Server Version 2019 Build 3505 Directory Traversal/Local File Inclusion",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Mar/47"
},
{
"name": "46611",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46611/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152244/Titan-FTP-Server-2019-Build-3505-Directory-Traversal.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2019/Mar/47"
},
{
"name": "46611",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46611"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.southrivertech.com/software/regsoft/titanftp/v19/verhist_en.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \\..\\..\\ technique, arbitrary files can be loaded in the server response outside the root directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190326 CVE-2019-10009 Titan FTP Server Version 2019 Build 3505 Directory Traversal/Local File Inclusion",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Mar/47"
},
{
"name": "46611",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46611/"
},
{
"name": "http://packetstormsecurity.com/files/152244/Titan-FTP-Server-2019-Build-3505-Directory-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152244/Titan-FTP-Server-2019-Build-3505-Directory-Traversal.html"
},
{
"name": "https://seclists.org/fulldisclosure/2019/Mar/47",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2019/Mar/47"
},
{
"name": "46611",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46611"
},
{
"name": "http://www.southrivertech.com/software/regsoft/titanftp/v19/verhist_en.html",
"refsource": "CONFIRM",
"url": "http://www.southrivertech.com/software/regsoft/titanftp/v19/verhist_en.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10009",
"datePublished": "2019-06-03T20:53:15",
"dateReserved": "2019-03-24T00:00:00",
"dateUpdated": "2024-08-04T22:10:08.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1841 (GCVE-0-2014-1841)
Vulnerability from cvelistv5
Published
2014-04-29 10:00
Modified
2024-08-06 09:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/65462 | vdb-entry, x_refsource_BID | |
| http://www.exploit-db.com/exploits/31579 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.osvdb.org/103195 | vdb-entry, x_refsource_OSVDB | |
| http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:50:11.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "65462",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65462"
},
{
"name": "31579",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/31579"
},
{
"name": "103195",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/103195"
},
{
"name": "20140210 Titan FTP Server Directory Traversal Vulnerabilities - [CVE-2014-1841 / CVE-2014-1842 / CVE-2014-1843]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user\u0027s home folder via a Move action with a .. (dot dot) in the src parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-15T16:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "65462",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65462"
},
{
"name": "31579",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/31579"
},
{
"name": "103195",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/103195"
},
{
"name": "20140210 Titan FTP Server Directory Traversal Vulnerabilities - [CVE-2014-1841 / CVE-2014-1842 / CVE-2014-1843]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user\u0027s home folder via a Move action with a .. (dot dot) in the src parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "65462",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65462"
},
{
"name": "31579",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/31579"
},
{
"name": "103195",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/103195"
},
{
"name": "20140210 Titan FTP Server Directory Traversal Vulnerabilities - [CVE-2014-1841 / CVE-2014-1842 / CVE-2014-1843]",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1841",
"datePublished": "2014-04-29T10:00:00",
"dateReserved": "2014-02-02T00:00:00",
"dateUpdated": "2024-08-06T09:50:11.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1842 (GCVE-0-2014-1842)
Vulnerability from cvelistv5
Published
2014-04-29 10:00
Modified
2024-08-06 09:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/103196 | vdb-entry, x_refsource_OSVDB | |
| http://www.exploit-db.com/exploits/31579 | exploit, x_refsource_EXPLOIT-DB | |
| http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:50:11.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103196",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/103196"
},
{
"name": "31579",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/31579"
},
{
"name": "20140210 Titan FTP Server Directory Traversal Vulnerabilities - [CVE-2014-1841 / CVE-2014-1842 / CVE-2014-1843]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-15T16:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "103196",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/103196"
},
{
"name": "31579",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/31579"
},
{
"name": "20140210 Titan FTP Server Directory Traversal Vulnerabilities - [CVE-2014-1841 / CVE-2014-1842 / CVE-2014-1843]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1842",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103196",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/103196"
},
{
"name": "31579",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/31579"
},
{
"name": "20140210 Titan FTP Server Directory Traversal Vulnerabilities - [CVE-2014-1841 / CVE-2014-1842 / CVE-2014-1843]",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1842",
"datePublished": "2014-04-29T10:00:00",
"dateReserved": "2014-02-02T00:00:00",
"dateUpdated": "2024-08-06T09:50:11.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-44215 (GCVE-0-2022-44215)
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-10-03 14:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
There is an open redirect vulnerability in Titan FTP server 19.0 and below. Users are redirected to any target URL.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:47:05.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://drive.google.com/file/d/1oLJaqs5RRNQLT1Hyy-tgEzzhGLB0506J/view?usp=sharing"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/JBalanza/CVE-2022-44215"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-44215",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T14:33:48.319817Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T14:33:59.658Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an open redirect vulnerability in Titan FTP server 19.0 and below. Users are redirected to any target URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-22T17:11:06.359149",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://drive.google.com/file/d/1oLJaqs5RRNQLT1Hyy-tgEzzhGLB0506J/view?usp=sharing"
},
{
"url": "https://github.com/JBalanza/CVE-2022-44215"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-44215",
"datePublished": "2023-08-22T00:00:00",
"dateReserved": "2022-10-30T00:00:00",
"dateUpdated": "2024-10-03T14:33:59.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6082 (GCVE-0-2008-6082)
Vulnerability from cvelistv5
Published
2009-02-06 11:00
Modified
2024-08-07 11:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Titan FTP Server 6.26 build 630 allows remote attackers to cause a denial of service (CPU consumption) via the SITE WHO command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/32269 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/31757 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/49177 | vdb-entry, x_refsource_OSVDB | |
| https://www.exploit-db.com/exploits/6753 | exploit, x_refsource_EXPLOIT-DB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45871 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:20:24.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32269",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32269"
},
{
"name": "31757",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31757"
},
{
"name": "49177",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/49177"
},
{
"name": "6753",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6753"
},
{
"name": "titanftpserver-sitewho-dos(45871)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45871"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Titan FTP Server 6.26 build 630 allows remote attackers to cause a denial of service (CPU consumption) via the SITE WHO command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32269",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32269"
},
{
"name": "31757",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31757"
},
{
"name": "49177",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/49177"
},
{
"name": "6753",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6753"
},
{
"name": "titanftpserver-sitewho-dos(45871)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45871"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Titan FTP Server 6.26 build 630 allows remote attackers to cause a denial of service (CPU consumption) via the SITE WHO command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32269",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32269"
},
{
"name": "31757",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31757"
},
{
"name": "49177",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/49177"
},
{
"name": "6753",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6753"
},
{
"name": "titanftpserver-sitewho-dos(45871)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45871"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6082",
"datePublished": "2009-02-06T11:00:00",
"dateReserved": "2009-02-05T00:00:00",
"dateUpdated": "2024-08-07T11:20:24.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2425 (GCVE-0-2010-2425)
Vulnerability from cvelistv5
Published
2010-06-23 17:13
Modified
2024-08-07 02:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read or delete arbitrary files via "..//" sequences in a COMB command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/40237 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/40949 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/511873/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/65622 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:32:16.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "40237",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40237"
},
{
"name": "40949",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40949"
},
{
"name": "20100617 TitanFTP Server COMB directory traversal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511873/100/0/threaded"
},
{
"name": "65622",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/65622"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read or delete arbitrary files via \"..//\" sequences in a COMB command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "40237",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40237"
},
{
"name": "40949",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40949"
},
{
"name": "20100617 TitanFTP Server COMB directory traversal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511873/100/0/threaded"
},
{
"name": "65622",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/65622"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read or delete arbitrary files via \"..//\" sequences in a COMB command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40237",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40237"
},
{
"name": "40949",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40949"
},
{
"name": "20100617 TitanFTP Server COMB directory traversal",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511873/100/0/threaded"
},
{
"name": "65622",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/65622"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2425",
"datePublished": "2010-06-23T17:13:00",
"dateReserved": "2010-06-22T00:00:00",
"dateUpdated": "2024-08-07T02:32:16.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22629 (GCVE-0-2023-22629)
Vulnerability from cvelistv5
Published
2023-02-14 00:00
Modified
2025-03-20 20:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:49.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.southrivertech.com/software/nextgen/titanftp/en/relnotes.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://titanftp.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://f20.be/cves/titan-ftp-vulnerabilities"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171737/Titan-FTP-Path-Traversal.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-22629",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-20T20:22:47.032314Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T20:22:52.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server\u0027s filesystem."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-06T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.southrivertech.com/software/nextgen/titanftp/en/relnotes.pdf"
},
{
"url": "https://titanftp.com"
},
{
"url": "https://f20.be/cves/titan-ftp-vulnerabilities"
},
{
"url": "http://packetstormsecurity.com/files/171737/Titan-FTP-Path-Traversal.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-22629",
"datePublished": "2023-02-14T00:00:00.000Z",
"dateReserved": "2023-01-05T00:00:00.000Z",
"dateUpdated": "2025-03-20T20:22:52.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2010-06-24 12:17
Modified
2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read arbitrary files, determine file size, via "..//" sequences in the xcrc command.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61039826-0057-40BF-8F02-C37EA0DA7979",
"versionEndIncluding": "8.10.1125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "4F1960AB-2FC9-4103-9EF0-C04101E0306F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "12279FA7-288E-4CED-AD2E-00C029678B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "98258371-4CAE-4D5B-B117-0BECBD910422",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "23FCFE36-8E20-47D2-BBE7-BF3F0B97CEA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "3B8D56DE-57B9-4335-AA8E-CFF30AB6E030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "31D1ECAE-0AD5-4B4E-A624-CC3E03A51EF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "B7EDBF6E-BDF1-41D1-87FF-287171BE54A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "A7612F70-CE0D-4BA3-A8A2-67A3D772C487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "4E971345-2B55-444E-AC41-432A0C8A2E08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "FF707E79-F974-403A-B01D-EC46D0A7B229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F903B4-5A9E-439F-94AC-B02B69E856AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD94D00-8831-4932-8E81-B927F7E924D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "21367D7B-3D6A-4921-AB00-1DA87404E27E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "CA14F899-F8D7-45E1-8B51-4FE843EE0FA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "06552CFC-10A7-435E-8468-54D4B2706E87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.1.33:*:*:*:*:*:*:*",
"matchCriteriaId": "A1A7535B-3254-43DE-970B-09558DD48C07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.11.34:*:*:*:*:*:*:*",
"matchCriteriaId": "D40C972B-A937-45F4-9564-74D02741FF6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:2.0.44:beta:*:*:*:*:*:*",
"matchCriteriaId": "BA92AF6F-8098-4FF3-998D-D60F4F3AC1FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:2.00.95:*:*:*:*:*:*:*",
"matchCriteriaId": "9674DC36-D9EA-4A2B-98F9-95C5B988D626",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:2.01.96:*:*:*:*:*:*:*",
"matchCriteriaId": "BC729747-026A-48E2-A757-E163F9365920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:2.02.99:*:*:*:*:*:*:*",
"matchCriteriaId": "B89752F2-1C9E-40B8-8979-A62E95F57E93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:2.10.119:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC5D253-D10D-4CBE-9860-A03E588FFE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:2.10.120:*:*:*:*:*:*:*",
"matchCriteriaId": "6F87BBFD-CA31-4A3F-BDE3-34EF541854E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:2.10.121:*:*:*:*:*:*:*",
"matchCriteriaId": "C36112B3-AAF4-4436-820A-0A0E122F710E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:2.11.132:*:*:*:*:*:*:*",
"matchCriteriaId": "A42ECC42-A1DC-4081-9A7B-348A50E59964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:2.20.140:*:*:*:*:*:*:*",
"matchCriteriaId": "62B3F7A8-88CA-488B-BE10-D1EC135D3493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:2.21.142:*:*:*:*:*:*:*",
"matchCriteriaId": "A8FD7266-EAD4-4513-A4B7-46E7E3409062",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:2.30.151:*:*:*:*:*:*:*",
"matchCriteriaId": "6643C492-E63C-4D31-81D8-4B563635B38A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:2.31.152:*:*:*:*:*:*:*",
"matchCriteriaId": "543F3954-CBB0-4F33-B952-DEB1FA0923D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:2.40.155:*:*:*:*:*:*:*",
"matchCriteriaId": "15353BD2-859B-4A64-A74B-49DBD5DEE8A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:3.00.162:*:*:*:*:*:*:*",
"matchCriteriaId": "E3D406A8-E397-4E59-9220-ED8162663202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:3.01.163:*:*:*:*:*:*:*",
"matchCriteriaId": "D38D0BF5-4D7B-494F-9100-D3812CB91149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:3.02.165:*:*:*:*:*:*:*",
"matchCriteriaId": "15CE8B1E-93E5-42BD-8D67-6D3E7381ED7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:3.10.169:*:*:*:*:*:*:*",
"matchCriteriaId": "A22F74A0-6801-4B17-B1FB-CF282D60219E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:3.12.172:*:*:*:*:*:*:*",
"matchCriteriaId": "DB4A6DC9-83AE-4CBE-A46F-C16BD1716E98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:3.20.175:*:*:*:*:*:*:*",
"matchCriteriaId": "AB789F4A-43FF-4850-B5E3-7A9125CAFC17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:3.21.177:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCA7E99-0F06-4893-B19B-47791CC7EE61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:3.22.178:*:*:*:*:*:*:*",
"matchCriteriaId": "CE30EC61-9443-4918-99BE-BCF5ED3D2EA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:3.30.186:*:*:*:*:*:*:*",
"matchCriteriaId": "D166EA83-0FB6-4310-A3C9-1E9F4A901454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:4.00.245:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CAE88B-771E-4255-B579-48B891100BFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:4.01.246:*:*:*:*:*:*:*",
"matchCriteriaId": "7C58DAA2-EE67-4030-BBE5-138D5B1E43B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:4.02.248:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2DD3A6-36AB-4D2A-A490-EA47BFDC219A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:4.03.249:*:*:*:*:*:*:*",
"matchCriteriaId": "04756FB8-990A-4839-956E-3965C7C40CD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:4.05.252:*:*:*:*:*:*:*",
"matchCriteriaId": "248268EB-7BEE-4C50-B175-4107379C215D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:4.10.256:*:*:*:*:*:*:*",
"matchCriteriaId": "5CF062A5-896D-4C6B-853F-D86CABFD1EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:4.11.257:*:*:*:*:*:*:*",
"matchCriteriaId": "7B5949B9-8A9D-486E-9AEF-4DBFDF740CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:4.13.260:*:*:*:*:*:*:*",
"matchCriteriaId": "1AB1E6C5-045C-4B40-9DC2-D6BAB8820127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:4.14.261:*:*:*:*:*:*:*",
"matchCriteriaId": "30558753-22EE-46E1-800E-22CA07A6B05C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:4.20.263:*:*:*:*:*:*:*",
"matchCriteriaId": "E961C1A7-AF9A-4660-8405-3D5A64F3B533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:4.21.264:*:*:*:*:*:*:*",
"matchCriteriaId": "D1070D8A-2D03-43D4-B372-D5E14F2D4B02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:4.22.265:*:*:*:*:*:*:*",
"matchCriteriaId": "D5ACAFBB-FD29-43AC-BCC5-5A52BFF77B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:4.23.266:*:*:*:*:*:*:*",
"matchCriteriaId": "DADDF370-C0EA-4B4D-AAE2-A692876D0D66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:4.30.269:*:*:*:*:*:*:*",
"matchCriteriaId": "632CAD3F-A178-4391-A66B-242B644D61DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:4.31.272:*:*:*:*:*:*:*",
"matchCriteriaId": "28B8F3F5-E9B2-46BF-897D-5C731D434A23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.00.303:*:*:*:*:*:*:*",
"matchCriteriaId": "B7867536-1E2B-4823-9B96-2E95C12C6D1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.01.306:*:*:*:*:*:*:*",
"matchCriteriaId": "6591BEBD-2585-4E26-AE0D-87677F705345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.02.307:*:*:*:*:*:*:*",
"matchCriteriaId": "0C808239-0C8D-4A61-9279-7B87490AF3C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.03.308:*:*:*:*:*:*:*",
"matchCriteriaId": "97866525-1847-493B-AB6F-C81BBFA63240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.03.309:*:*:*:*:*:*:*",
"matchCriteriaId": "DC424CF1-E958-49DE-8EDA-1B95BE162375",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.03.310:*:*:*:*:*:*:*",
"matchCriteriaId": "D609A391-3FD0-4C55-B6B1-FB90BFB50516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.04.311:*:*:*:*:*:*:*",
"matchCriteriaId": "022B5D4A-477A-4037-993F-59D52634E160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.04.312:*:*:*:*:*:*:*",
"matchCriteriaId": "010C2855-0A91-4321-80E7-1006D7596A2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.04.313:*:*:*:*:*:*:*",
"matchCriteriaId": "82DF1B96-5794-4964-87A6-A75F233C972B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.04.314:*:*:*:*:*:*:*",
"matchCriteriaId": "BF24D89C-886B-4F41-9EB3-C3CEB320E514",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.04.315:*:*:*:*:*:*:*",
"matchCriteriaId": "061A2F4B-40A4-42A2-B7AA-6EA57C809154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.05.316:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD19182-0322-4909-AEEA-824613843582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.05.317:*:*:*:*:*:*:*",
"matchCriteriaId": "984E4A46-2136-4FA1-B328-CA9645A195EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.05.318:*:*:*:*:*:*:*",
"matchCriteriaId": "02A5FFD7-0ED6-46F3-B643-C0F9DCF0103A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.05.319:*:*:*:*:*:*:*",
"matchCriteriaId": "415CFF11-496C-45FD-AE7E-C9DCD99D03CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.05.320:*:*:*:*:*:*:*",
"matchCriteriaId": "583783D1-66BB-47B7-B42C-6AA42B40E715",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.05.321:*:*:*:*:*:*:*",
"matchCriteriaId": "F2F3317A-F670-4D54-A865-7E109CF458F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.05.322:*:*:*:*:*:*:*",
"matchCriteriaId": "874BABE9-0050-42DF-94D8-A7363A56F043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.05.323:*:*:*:*:*:*:*",
"matchCriteriaId": "ABBAE358-F701-4411-975F-D1FDB9B50E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.05.324:*:*:*:*:*:*:*",
"matchCriteriaId": "682F0251-73E7-4A2D-B0AA-1C14082759BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.05.325:*:*:*:*:*:*:*",
"matchCriteriaId": "C00D9441-05EC-4EC5-A283-204B6CCDC97C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.05.326:*:*:*:*:*:*:*",
"matchCriteriaId": "832F0A39-D4EC-4E49-AA05-778D36EC1352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.05.327:*:*:*:*:*:*:*",
"matchCriteriaId": "132E01C8-F39B-4586-8A43-70017921213D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.10.328:*:*:*:*:*:*:*",
"matchCriteriaId": "FFAF6A11-9AF4-40A5-96C4-536C40F4D97E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.10.329:*:*:*:*:*:*:*",
"matchCriteriaId": "3F09A5C8-3886-49AA-B34F-90978BD8202C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.11.330:*:*:*:*:*:*:*",
"matchCriteriaId": "74AD32A4-60F2-4D35-99E9-EDC919039B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.11.331:*:*:*:*:*:*:*",
"matchCriteriaId": "BAEE2E24-9B42-4B53-916A-43CC82893B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.12.332:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2F7546-3FFB-42B4-8A29-D97867F03DFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.12.333:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEA6ACB-C1BE-4C58-B707-2D8F6F842130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.12.334:*:*:*:*:*:*:*",
"matchCriteriaId": "0953B912-E560-43DC-8994-C39F21706700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.12.335:*:*:*:*:*:*:*",
"matchCriteriaId": "7F27CD13-DEAE-4F87-8288-C16F4BF8FA78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.12.336:*:*:*:*:*:*:*",
"matchCriteriaId": "A31239C4-E154-4429-B49F-F2A649F8AE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.20.342:*:*:*:*:*:*:*",
"matchCriteriaId": "D6C2983D-AB3C-45C1-AFA7-FDA3425026C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.21.347:*:*:*:*:*:*:*",
"matchCriteriaId": "48D0471F-FB59-4078-8EDA-41A49932475A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.22.350:*:*:*:*:*:*:*",
"matchCriteriaId": "11B62506-3E75-457B-B193-4B0F99037B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.23.351:*:*:*:*:*:*:*",
"matchCriteriaId": "C6BA2B3A-FD78-4024-A067-C77BFA026FD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.24.352:*:*:*:*:*:*:*",
"matchCriteriaId": "A90B308C-2D6C-403E-B582-570D201A9879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.25.356:*:*:*:*:*:*:*",
"matchCriteriaId": "B9E4DB4F-E319-4984-975F-5EA25FFACBCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.26.361:*:*:*:*:*:*:*",
"matchCriteriaId": "F48F0343-87CE-4968-AF61-E3B934D23FA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.27.362:*:*:*:*:*:*:*",
"matchCriteriaId": "153652C4-8E08-46B4-9B6F-4D121312EE54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.30.367:*:*:*:*:*:*:*",
"matchCriteriaId": "A5F59DF3-80B9-4872-B68B-0836896A8226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.31.373:*:*:*:*:*:*:*",
"matchCriteriaId": "9A3339CB-70FC-4B79-BEE8-4FC12C404954",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.32.376:*:*:*:*:*:*:*",
"matchCriteriaId": "667E8442-6358-4322-906B-903F1D7CD886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.33.380:*:*:*:*:*:*:*",
"matchCriteriaId": "617CA9F2-35A1-4754-8AE6-45B37CC225C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.33.381:*:*:*:*:*:*:*",
"matchCriteriaId": "3E14CEA9-6757-4ACF-8CE6-9B8A9C879CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.35.385:*:*:*:*:*:*:*",
"matchCriteriaId": "CD4AF845-55DC-4681-BD7E-5B171EF8450E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.36.386:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4D21CF-6981-46E3-8130-4124259409E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.37.387:*:*:*:*:*:*:*",
"matchCriteriaId": "5C3B6D9B-9F8F-4B8A-BD75-01BE0E1A9541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.38.388:*:*:*:*:*:*:*",
"matchCriteriaId": "C3E3B7FC-E505-47C6-B510-02E67747E9ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.39.389:*:*:*:*:*:*:*",
"matchCriteriaId": "964E3418-D7A0-4FA5-8249-049103DBC687",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:6.00.492:*:*:*:*:*:*:*",
"matchCriteriaId": "682C5EB2-2C3A-4371-AD1D-082685D15B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:6.01.512:*:*:*:*:*:*:*",
"matchCriteriaId": "D3388C2B-233F-4307-8B34-7B0F241487D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:6.03.537:*:*:*:*:*:*:*",
"matchCriteriaId": "141D1541-354A-4386-BEA1-FE57B2FA0913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:6.04.545:*:*:*:*:*:*:*",
"matchCriteriaId": "65CB795F-F39B-439B-AFDC-917EE775135B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:6.05.550:*:*:*:*:*:*:*",
"matchCriteriaId": "7FC13470-2F33-44E7-A615-EE73502472CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:6.06.555:*:*:*:*:*:*:*",
"matchCriteriaId": "52A03137-A56B-400C-8E59-F3DC48E5FC2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:6.10.560:*:*:*:*:*:*:*",
"matchCriteriaId": "AF5DEEE9-6FFE-46AD-80DE-C40F7C7130B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:6.20.587:*:*:*:*:*:*:*",
"matchCriteriaId": "885C82A5-5193-4ADD-8302-D244B7E7B597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:6.21.596:*:*:*:*:*:*:*",
"matchCriteriaId": "6875C466-0908-485D-89D4-347517C18EE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:6.23.616:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4A5FE9-D5E1-4C9A-A63B-1ED342AB73E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:6.24.621:*:*:*:*:*:*:*",
"matchCriteriaId": "F6606E4C-19AA-4740-A10F-949FB073BE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:6.25.622:*:*:*:*:*:*:*",
"matchCriteriaId": "DDE6EFC3-7178-44FC-809A-9B92DB664181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:6.26.630:*:*:*:*:*:*:*",
"matchCriteriaId": "219717BD-DA85-444E-A6FC-227295987306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:7.00:*:*:*:*:*:*:*",
"matchCriteriaId": "0C669B1E-663D-40CE-A14D-C1025A282C30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:7.01:*:*:*:*:*:*:*",
"matchCriteriaId": "5ABE51D2-CABB-42E5-AD8C-9243367B7AD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:7.02:*:*:*:*:*:*:*",
"matchCriteriaId": "318E4232-E26E-4CB8-8E0B-B6B8B6F242F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "CC102142-655E-4C42-A88B-C8F03F5ED0D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C6F3432E-B2A2-48FC-86A2-246EE2C4E8C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:8.00:*:*:*:*:*:*:*",
"matchCriteriaId": "611D684E-35C8-492D-9B0D-9B2D3A93B1E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:8.01:*:*:*:*:*:*:*",
"matchCriteriaId": "24DF992E-56F0-4A4B-9E93-77C9EC67D452",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "613AB39B-673E-42A2-9A44-6027A61CFD02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read arbitrary files, determine file size, via \"..//\" sequences in the xcrc command."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en TitanFTPd en South River Technologies Titan FTP Server v8.10.1125, y probablemente versiones anteriores, permite a usuarios autentificados remotamente leer ficheros de su elecci\u00f3n, tama\u00f1o de fichero determinado, a trav\u00e9s de la secuencia \"..//\" en el comando xcrc. \r\n"
}
],
"id": "CVE-2010-2426",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-06-24T12:17:45.170",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/65533"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40237"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/511839/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/40949"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/65533"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40237"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/511839/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/40949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59492"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-16 17:15
Modified
2024-11-21 08:27
Severity ?
Summary
Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allows a user that's authentication to the OS to read sensitive files on the filesystem
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| southrivertech | titan_ftp_server | * | |
| southrivertech | titan_mft_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6789AE7E-5499-4F33-954F-B051EF52C213",
"versionEndIncluding": "2.0.16.2277",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "6F4EB0AE-8C4A-4FF6-AE00-D87C9719C6D7",
"versionEndExcluding": "2.0.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Default file permissions on South River Technologies\u0027 Titan MFT and Titan SFTP servers on Linux allows a user that\u0027s authentication to the OS to read sensitive files on the filesystem"
},
{
"lang": "es",
"value": "Los permisos de archivos predeterminados en los servidores Titan MFT y Titan SFTP de South River Technologies en Linux permiten que un usuario que se autentica en el sistema operativo lea archivos confidenciales en el sistema de archivos."
}
],
"id": "CVE-2023-45690",
"lastModified": "2024-11-21T08:27:13.870",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-16T17:15:10.310",
"references": [
{
"source": "cve@rapid7.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690"
},
{
"source": "cve@rapid7.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/"
}
],
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-14 20:15
Modified
2025-03-20 21:15
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| southrivertech | titan_ftp_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13DC6D97-D3C0-4DBC-9BB5-349375E50E7F",
"versionEndIncluding": "1.94.1205",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server\u0027s filesystem."
}
],
"id": "CVE-2023-22629",
"lastModified": "2025-03-20T21:15:17.687",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-02-14T20:15:16.767",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/171737/Titan-FTP-Path-Traversal.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://f20.be/cves/titan-ftp-vulnerabilities"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://titanftp.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://www.southrivertech.com/software/nextgen/titanftp/en/relnotes.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/171737/Titan-FTP-Path-Traversal.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://f20.be/cves/titan-ftp-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://titanftp.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.southrivertech.com/software/nextgen/titanftp/en/relnotes.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-03 21:29
Modified
2024-11-21 04:18
Severity ?
Summary
A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \..\..\ technique, arbitrary files can be loaded in the server response outside the root directory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| southrivertech | titan_ftp_server | 2019 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:2019:3505:*:*:*:*:*:*",
"matchCriteriaId": "926A03A3-BD6F-4D2F-9018-437F5171EA83",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \\..\\..\\ technique, arbitrary files can be loaded in the server response outside the root directory."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema de Recorrido de directorios en la GUI web en el servidor FTP 2019 Build 3505 de Titan. Cuando un usuario identificado intenta obtener una vista previa de un archivo cargado (a trav\u00e9s de PreviewHandler.ashx) utilizando una t\u00e9cnica \\ .. \\ .. \\, los archivos arbitrarios pueden ser cargado en la respuesta del servidor fuera del directorio ra\u00edz."
}
],
"id": "CVE-2019-10009",
"lastModified": "2024-11-21T04:18:12.430",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-03T21:29:00.350",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/152244/Titan-FTP-Server-2019-Build-3505-Directory-Traversal.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2019/Mar/47"
},
{
"source": "cve@mitre.org",
"url": "http://www.southrivertech.com/software/regsoft/titanftp/v19/verhist_en.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2019/Mar/47"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46611"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/46611/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/152244/Titan-FTP-Server-2019-Build-3505-Directory-Traversal.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2019/Mar/47"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.southrivertech.com/software/regsoft/titanftp/v19/verhist_en.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2019/Mar/47"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46611"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/46611/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-22 19:16
Modified
2024-11-21 07:27
Severity ?
Summary
There is an open redirect vulnerability in Titan FTP server 19.0 and below. Users are redirected to any target URL.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://drive.google.com/file/d/1oLJaqs5RRNQLT1Hyy-tgEzzhGLB0506J/view?usp=sharing | Broken Link | |
| cve@mitre.org | https://github.com/JBalanza/CVE-2022-44215 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://drive.google.com/file/d/1oLJaqs5RRNQLT1Hyy-tgEzzhGLB0506J/view?usp=sharing | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/JBalanza/CVE-2022-44215 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| southrivertech | titan_ftp_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95740E8D-D52A-4ADF-822A-AC2E60ACB02A",
"versionEndIncluding": "19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an open redirect vulnerability in Titan FTP server 19.0 and below. Users are redirected to any target URL."
},
{
"lang": "es",
"value": "Hay una vulnerabilidad de redirecci\u00f3n abierta en las versiones 19.0 e inferiores del servidor Titan FTP. Los usuarios son redirigidos a cualquier URL de destino."
}
],
"id": "CVE-2022-44215",
"lastModified": "2024-11-21T07:27:45.680",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-22T19:16:29.777",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://drive.google.com/file/d/1oLJaqs5RRNQLT1Hyy-tgEzzhGLB0506J/view?usp=sharing"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/JBalanza/CVE-2022-44215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://drive.google.com/file/d/1oLJaqs5RRNQLT1Hyy-tgEzzhGLB0506J/view?usp=sharing"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/JBalanza/CVE-2022-44215"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-29 10:37
Modified
2025-04-12 10:46
Severity ?
Summary
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| southrivertech | titan_ftp_server | * | |
| southrivertech | titan_ftp_server | 10.0.1733 | |
| southrivertech | titan_ftp_server | 10.01.1740 | |
| southrivertech | titan_ftp_server | 10.30 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "616CA981-B96B-447F-B55A-75182A0ADDB9",
"versionEndIncluding": "10.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:10.0.1733:*:*:*:*:*:*:*",
"matchCriteriaId": "0A4F7870-2207-4F14-8BFF-E7B18D7C016F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:10.01.1740:*:*:*:*:*:*:*",
"matchCriteriaId": "C505A088-0DCC-4E91-8266-EB55BF42E7CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:10.30:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA0F371-003E-447F-B3DB-951EA39091B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user\u0027s home folder via a Move action with a .. (dot dot) in the src parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en la interfaz web en Titan FTP Server anterior a 10.40 build 1829 permite a atacantes remotos copiar una carpeta home de usuario arbitraria a trav\u00e9s de una acci\u00f3n Move con un .. (punto punto) en el par\u00e1metro src."
}
],
"id": "CVE-2014-1841",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-29T10:37:03.763",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.exploit-db.com/exploits/31579"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/103195"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/65462"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/31579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/103195"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/65462"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-06-24 12:17
Modified
2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read or delete arbitrary files via "..//" sequences in a COMB command.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61039826-0057-40BF-8F02-C37EA0DA7979",
"versionEndIncluding": "8.10.1125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "4F1960AB-2FC9-4103-9EF0-C04101E0306F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "12279FA7-288E-4CED-AD2E-00C029678B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "98258371-4CAE-4D5B-B117-0BECBD910422",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "23FCFE36-8E20-47D2-BBE7-BF3F0B97CEA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "3B8D56DE-57B9-4335-AA8E-CFF30AB6E030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "31D1ECAE-0AD5-4B4E-A624-CC3E03A51EF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "B7EDBF6E-BDF1-41D1-87FF-287171BE54A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "A7612F70-CE0D-4BA3-A8A2-67A3D772C487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "4E971345-2B55-444E-AC41-432A0C8A2E08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "FF707E79-F974-403A-B01D-EC46D0A7B229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F903B4-5A9E-439F-94AC-B02B69E856AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD94D00-8831-4932-8E81-B927F7E924D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "21367D7B-3D6A-4921-AB00-1DA87404E27E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "CA14F899-F8D7-45E1-8B51-4FE843EE0FA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "06552CFC-10A7-435E-8468-54D4B2706E87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.1.33:*:*:*:*:*:*:*",
"matchCriteriaId": "A1A7535B-3254-43DE-970B-09558DD48C07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:1.11.34:*:*:*:*:*:*:*",
"matchCriteriaId": "D40C972B-A937-45F4-9564-74D02741FF6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:2.0.44:beta:*:*:*:*:*:*",
"matchCriteriaId": "BA92AF6F-8098-4FF3-998D-D60F4F3AC1FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:2.00.95:*:*:*:*:*:*:*",
"matchCriteriaId": "9674DC36-D9EA-4A2B-98F9-95C5B988D626",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:2.01.96:*:*:*:*:*:*:*",
"matchCriteriaId": "BC729747-026A-48E2-A757-E163F9365920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:2.02.99:*:*:*:*:*:*:*",
"matchCriteriaId": "B89752F2-1C9E-40B8-8979-A62E95F57E93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:2.10.119:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC5D253-D10D-4CBE-9860-A03E588FFE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:2.10.120:*:*:*:*:*:*:*",
"matchCriteriaId": "6F87BBFD-CA31-4A3F-BDE3-34EF541854E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:2.10.121:*:*:*:*:*:*:*",
"matchCriteriaId": "C36112B3-AAF4-4436-820A-0A0E122F710E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:2.11.132:*:*:*:*:*:*:*",
"matchCriteriaId": "A42ECC42-A1DC-4081-9A7B-348A50E59964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:2.20.140:*:*:*:*:*:*:*",
"matchCriteriaId": "62B3F7A8-88CA-488B-BE10-D1EC135D3493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:2.21.142:*:*:*:*:*:*:*",
"matchCriteriaId": "A8FD7266-EAD4-4513-A4B7-46E7E3409062",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:2.30.151:*:*:*:*:*:*:*",
"matchCriteriaId": "6643C492-E63C-4D31-81D8-4B563635B38A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:2.31.152:*:*:*:*:*:*:*",
"matchCriteriaId": "543F3954-CBB0-4F33-B952-DEB1FA0923D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:2.40.155:*:*:*:*:*:*:*",
"matchCriteriaId": "15353BD2-859B-4A64-A74B-49DBD5DEE8A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:3.00.162:*:*:*:*:*:*:*",
"matchCriteriaId": "E3D406A8-E397-4E59-9220-ED8162663202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:3.01.163:*:*:*:*:*:*:*",
"matchCriteriaId": "D38D0BF5-4D7B-494F-9100-D3812CB91149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:3.02.165:*:*:*:*:*:*:*",
"matchCriteriaId": "15CE8B1E-93E5-42BD-8D67-6D3E7381ED7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:3.10.169:*:*:*:*:*:*:*",
"matchCriteriaId": "A22F74A0-6801-4B17-B1FB-CF282D60219E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:3.12.172:*:*:*:*:*:*:*",
"matchCriteriaId": "DB4A6DC9-83AE-4CBE-A46F-C16BD1716E98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:3.20.175:*:*:*:*:*:*:*",
"matchCriteriaId": "AB789F4A-43FF-4850-B5E3-7A9125CAFC17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:3.21.177:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCA7E99-0F06-4893-B19B-47791CC7EE61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:3.22.178:*:*:*:*:*:*:*",
"matchCriteriaId": "CE30EC61-9443-4918-99BE-BCF5ED3D2EA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:3.30.186:*:*:*:*:*:*:*",
"matchCriteriaId": "D166EA83-0FB6-4310-A3C9-1E9F4A901454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:4.00.245:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CAE88B-771E-4255-B579-48B891100BFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:4.01.246:*:*:*:*:*:*:*",
"matchCriteriaId": "7C58DAA2-EE67-4030-BBE5-138D5B1E43B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:4.02.248:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2DD3A6-36AB-4D2A-A490-EA47BFDC219A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:4.03.249:*:*:*:*:*:*:*",
"matchCriteriaId": "04756FB8-990A-4839-956E-3965C7C40CD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:4.05.252:*:*:*:*:*:*:*",
"matchCriteriaId": "248268EB-7BEE-4C50-B175-4107379C215D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:4.10.256:*:*:*:*:*:*:*",
"matchCriteriaId": "5CF062A5-896D-4C6B-853F-D86CABFD1EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:4.11.257:*:*:*:*:*:*:*",
"matchCriteriaId": "7B5949B9-8A9D-486E-9AEF-4DBFDF740CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:4.13.260:*:*:*:*:*:*:*",
"matchCriteriaId": "1AB1E6C5-045C-4B40-9DC2-D6BAB8820127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:4.14.261:*:*:*:*:*:*:*",
"matchCriteriaId": "30558753-22EE-46E1-800E-22CA07A6B05C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:4.20.263:*:*:*:*:*:*:*",
"matchCriteriaId": "E961C1A7-AF9A-4660-8405-3D5A64F3B533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:4.21.264:*:*:*:*:*:*:*",
"matchCriteriaId": "D1070D8A-2D03-43D4-B372-D5E14F2D4B02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:4.22.265:*:*:*:*:*:*:*",
"matchCriteriaId": "D5ACAFBB-FD29-43AC-BCC5-5A52BFF77B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:4.23.266:*:*:*:*:*:*:*",
"matchCriteriaId": "DADDF370-C0EA-4B4D-AAE2-A692876D0D66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:4.30.269:*:*:*:*:*:*:*",
"matchCriteriaId": "632CAD3F-A178-4391-A66B-242B644D61DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:4.31.272:*:*:*:*:*:*:*",
"matchCriteriaId": "28B8F3F5-E9B2-46BF-897D-5C731D434A23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.00.303:*:*:*:*:*:*:*",
"matchCriteriaId": "B7867536-1E2B-4823-9B96-2E95C12C6D1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.01.306:*:*:*:*:*:*:*",
"matchCriteriaId": "6591BEBD-2585-4E26-AE0D-87677F705345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.02.307:*:*:*:*:*:*:*",
"matchCriteriaId": "0C808239-0C8D-4A61-9279-7B87490AF3C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.03.308:*:*:*:*:*:*:*",
"matchCriteriaId": "97866525-1847-493B-AB6F-C81BBFA63240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.03.309:*:*:*:*:*:*:*",
"matchCriteriaId": "DC424CF1-E958-49DE-8EDA-1B95BE162375",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.03.310:*:*:*:*:*:*:*",
"matchCriteriaId": "D609A391-3FD0-4C55-B6B1-FB90BFB50516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.04.311:*:*:*:*:*:*:*",
"matchCriteriaId": "022B5D4A-477A-4037-993F-59D52634E160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.04.312:*:*:*:*:*:*:*",
"matchCriteriaId": "010C2855-0A91-4321-80E7-1006D7596A2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.04.313:*:*:*:*:*:*:*",
"matchCriteriaId": "82DF1B96-5794-4964-87A6-A75F233C972B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.04.314:*:*:*:*:*:*:*",
"matchCriteriaId": "BF24D89C-886B-4F41-9EB3-C3CEB320E514",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.04.315:*:*:*:*:*:*:*",
"matchCriteriaId": "061A2F4B-40A4-42A2-B7AA-6EA57C809154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.05.316:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD19182-0322-4909-AEEA-824613843582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.05.317:*:*:*:*:*:*:*",
"matchCriteriaId": "984E4A46-2136-4FA1-B328-CA9645A195EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.05.318:*:*:*:*:*:*:*",
"matchCriteriaId": "02A5FFD7-0ED6-46F3-B643-C0F9DCF0103A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.05.319:*:*:*:*:*:*:*",
"matchCriteriaId": "415CFF11-496C-45FD-AE7E-C9DCD99D03CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.05.320:*:*:*:*:*:*:*",
"matchCriteriaId": "583783D1-66BB-47B7-B42C-6AA42B40E715",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.05.321:*:*:*:*:*:*:*",
"matchCriteriaId": "F2F3317A-F670-4D54-A865-7E109CF458F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.05.322:*:*:*:*:*:*:*",
"matchCriteriaId": "874BABE9-0050-42DF-94D8-A7363A56F043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.05.323:*:*:*:*:*:*:*",
"matchCriteriaId": "ABBAE358-F701-4411-975F-D1FDB9B50E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.05.324:*:*:*:*:*:*:*",
"matchCriteriaId": "682F0251-73E7-4A2D-B0AA-1C14082759BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.05.325:*:*:*:*:*:*:*",
"matchCriteriaId": "C00D9441-05EC-4EC5-A283-204B6CCDC97C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.05.326:*:*:*:*:*:*:*",
"matchCriteriaId": "832F0A39-D4EC-4E49-AA05-778D36EC1352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.05.327:*:*:*:*:*:*:*",
"matchCriteriaId": "132E01C8-F39B-4586-8A43-70017921213D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.10.328:*:*:*:*:*:*:*",
"matchCriteriaId": "FFAF6A11-9AF4-40A5-96C4-536C40F4D97E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.10.329:*:*:*:*:*:*:*",
"matchCriteriaId": "3F09A5C8-3886-49AA-B34F-90978BD8202C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.11.330:*:*:*:*:*:*:*",
"matchCriteriaId": "74AD32A4-60F2-4D35-99E9-EDC919039B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.11.331:*:*:*:*:*:*:*",
"matchCriteriaId": "BAEE2E24-9B42-4B53-916A-43CC82893B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.12.332:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2F7546-3FFB-42B4-8A29-D97867F03DFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.12.333:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEA6ACB-C1BE-4C58-B707-2D8F6F842130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.12.334:*:*:*:*:*:*:*",
"matchCriteriaId": "0953B912-E560-43DC-8994-C39F21706700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.12.335:*:*:*:*:*:*:*",
"matchCriteriaId": "7F27CD13-DEAE-4F87-8288-C16F4BF8FA78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.12.336:*:*:*:*:*:*:*",
"matchCriteriaId": "A31239C4-E154-4429-B49F-F2A649F8AE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.20.342:*:*:*:*:*:*:*",
"matchCriteriaId": "D6C2983D-AB3C-45C1-AFA7-FDA3425026C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.21.347:*:*:*:*:*:*:*",
"matchCriteriaId": "48D0471F-FB59-4078-8EDA-41A49932475A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.22.350:*:*:*:*:*:*:*",
"matchCriteriaId": "11B62506-3E75-457B-B193-4B0F99037B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.23.351:*:*:*:*:*:*:*",
"matchCriteriaId": "C6BA2B3A-FD78-4024-A067-C77BFA026FD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.24.352:*:*:*:*:*:*:*",
"matchCriteriaId": "A90B308C-2D6C-403E-B582-570D201A9879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.25.356:*:*:*:*:*:*:*",
"matchCriteriaId": "B9E4DB4F-E319-4984-975F-5EA25FFACBCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.26.361:*:*:*:*:*:*:*",
"matchCriteriaId": "F48F0343-87CE-4968-AF61-E3B934D23FA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.27.362:*:*:*:*:*:*:*",
"matchCriteriaId": "153652C4-8E08-46B4-9B6F-4D121312EE54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.30.367:*:*:*:*:*:*:*",
"matchCriteriaId": "A5F59DF3-80B9-4872-B68B-0836896A8226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.31.373:*:*:*:*:*:*:*",
"matchCriteriaId": "9A3339CB-70FC-4B79-BEE8-4FC12C404954",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.32.376:*:*:*:*:*:*:*",
"matchCriteriaId": "667E8442-6358-4322-906B-903F1D7CD886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.33.380:*:*:*:*:*:*:*",
"matchCriteriaId": "617CA9F2-35A1-4754-8AE6-45B37CC225C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.33.381:*:*:*:*:*:*:*",
"matchCriteriaId": "3E14CEA9-6757-4ACF-8CE6-9B8A9C879CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.35.385:*:*:*:*:*:*:*",
"matchCriteriaId": "CD4AF845-55DC-4681-BD7E-5B171EF8450E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.36.386:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4D21CF-6981-46E3-8130-4124259409E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.37.387:*:*:*:*:*:*:*",
"matchCriteriaId": "5C3B6D9B-9F8F-4B8A-BD75-01BE0E1A9541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.38.388:*:*:*:*:*:*:*",
"matchCriteriaId": "C3E3B7FC-E505-47C6-B510-02E67747E9ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:5.39.389:*:*:*:*:*:*:*",
"matchCriteriaId": "964E3418-D7A0-4FA5-8249-049103DBC687",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:6.00.492:*:*:*:*:*:*:*",
"matchCriteriaId": "682C5EB2-2C3A-4371-AD1D-082685D15B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:6.01.512:*:*:*:*:*:*:*",
"matchCriteriaId": "D3388C2B-233F-4307-8B34-7B0F241487D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:6.03.537:*:*:*:*:*:*:*",
"matchCriteriaId": "141D1541-354A-4386-BEA1-FE57B2FA0913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:6.04.545:*:*:*:*:*:*:*",
"matchCriteriaId": "65CB795F-F39B-439B-AFDC-917EE775135B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:6.05.550:*:*:*:*:*:*:*",
"matchCriteriaId": "7FC13470-2F33-44E7-A615-EE73502472CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:6.06.555:*:*:*:*:*:*:*",
"matchCriteriaId": "52A03137-A56B-400C-8E59-F3DC48E5FC2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:6.10.560:*:*:*:*:*:*:*",
"matchCriteriaId": "AF5DEEE9-6FFE-46AD-80DE-C40F7C7130B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:6.20.587:*:*:*:*:*:*:*",
"matchCriteriaId": "885C82A5-5193-4ADD-8302-D244B7E7B597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:6.21.596:*:*:*:*:*:*:*",
"matchCriteriaId": "6875C466-0908-485D-89D4-347517C18EE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:6.23.616:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4A5FE9-D5E1-4C9A-A63B-1ED342AB73E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:6.24.621:*:*:*:*:*:*:*",
"matchCriteriaId": "F6606E4C-19AA-4740-A10F-949FB073BE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:6.25.622:*:*:*:*:*:*:*",
"matchCriteriaId": "DDE6EFC3-7178-44FC-809A-9B92DB664181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:6.26.630:*:*:*:*:*:*:*",
"matchCriteriaId": "219717BD-DA85-444E-A6FC-227295987306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:7.00:*:*:*:*:*:*:*",
"matchCriteriaId": "0C669B1E-663D-40CE-A14D-C1025A282C30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:7.01:*:*:*:*:*:*:*",
"matchCriteriaId": "5ABE51D2-CABB-42E5-AD8C-9243367B7AD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:7.02:*:*:*:*:*:*:*",
"matchCriteriaId": "318E4232-E26E-4CB8-8E0B-B6B8B6F242F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "CC102142-655E-4C42-A88B-C8F03F5ED0D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C6F3432E-B2A2-48FC-86A2-246EE2C4E8C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:8.00:*:*:*:*:*:*:*",
"matchCriteriaId": "611D684E-35C8-492D-9B0D-9B2D3A93B1E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:8.01:*:*:*:*:*:*:*",
"matchCriteriaId": "24DF992E-56F0-4A4B-9E93-77C9EC67D452",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "613AB39B-673E-42A2-9A44-6027A61CFD02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read or delete arbitrary files via \"..//\" sequences in a COMB command."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en TitanFTPd en South River Technologies Titan FTP Server v8.10.1125, y probablemente versiones anteriores, permite a usuarios autentificados remotamente leer ficheroso borrar ficheros de su elecci\u00f3n a trav\u00e9s de la secuencia \"..//\" en el comando COMB. \r\n"
}
],
"id": "CVE-2010-2425",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-06-24T12:17:45.127",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40237"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/65622"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/511873/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/40949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40237"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/65622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/511873/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/40949"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-29 10:37
Modified
2025-04-12 10:46
Severity ?
Summary
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| southrivertech | titan_ftp_server | * | |
| southrivertech | titan_ftp_server | 10.0.1733 | |
| southrivertech | titan_ftp_server | 10.01.1740 | |
| southrivertech | titan_ftp_server | 10.30 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "616CA981-B96B-447F-B55A-75182A0ADDB9",
"versionEndIncluding": "10.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:10.0.1733:*:*:*:*:*:*:*",
"matchCriteriaId": "0A4F7870-2207-4F14-8BFF-E7B18D7C016F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:10.01.1740:*:*:*:*:*:*:*",
"matchCriteriaId": "C505A088-0DCC-4E91-8266-EB55BF42E7CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:10.30:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA0F371-003E-447F-B3DB-951EA39091B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en la interfaz web en Titan FTP Server anterior a 10.40 build 1829 permite a atacantes remotos obtener la informaci\u00f3n de propiedad de una carpeta home arbitraria a trav\u00e9s de una acci\u00f3n Properties con un .. (punto punto) en el par\u00e1metro src."
}
],
"id": "CVE-2014-1843",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-29T10:37:03.810",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/31579"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/103197"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/65469"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/31579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/103197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/65469"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-06 11:30
Modified
2025-04-09 00:30
Severity ?
Summary
Titan FTP Server 6.26 build 630 allows remote attackers to cause a denial of service (CPU consumption) via the SITE WHO command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| southrivertech | titan_ftp_server | 6.26 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:6.26:*:*:*:*:*:*:*",
"matchCriteriaId": "FEB48367-14F1-48F5-A0A8-6AFBCEBF80BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Titan FTP Server 6.26 build 630 allows remote attackers to cause a denial of service (CPU consumption) via the SITE WHO command."
},
{
"lang": "es",
"value": "Titan FTP Server v6.26 build 630 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s del comando \"SITE WHO\"."
}
],
"id": "CVE-2008-6082",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-02-06T11:30:00.407",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32269"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/49177"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/31757"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45871"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/6753"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/49177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/31757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/6753"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-29 10:37
Modified
2025-04-12 10:46
Severity ?
Summary
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| southrivertech | titan_ftp_server | * | |
| southrivertech | titan_ftp_server | 10.0.1733 | |
| southrivertech | titan_ftp_server | 10.01.1740 | |
| southrivertech | titan_ftp_server | 10.30 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "616CA981-B96B-447F-B55A-75182A0ADDB9",
"versionEndIncluding": "10.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:10.0.1733:*:*:*:*:*:*:*",
"matchCriteriaId": "0A4F7870-2207-4F14-8BFF-E7B18D7C016F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:10.01.1740:*:*:*:*:*:*:*",
"matchCriteriaId": "C505A088-0DCC-4E91-8266-EB55BF42E7CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:10.30:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA0F371-003E-447F-B3DB-951EA39091B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en la interfaz web en Titan FTP Server anterior a 10.40 build 1829 permite a atacantes remotos listar todos los nombres de usuarios a trav\u00e9s de una acci\u00f3n Go con un .. (punto punto) en el valor de barra de b\u00fasqueda."
}
],
"id": "CVE-2014-1842",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-29T10:37:03.780",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/31579"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/103196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/31579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/103196"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}