Vulnerabilites related to ipswitch - ws_ftp
CVE-2009-4775 (GCVE-0-2009-4775)
Vulnerability from cvelistv5
Published
2010-04-21 14:00
Modified
2024-08-07 07:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an HTTP response.
References
| ▼ | URL | Tags |
|---|---|---|
| http://docs.ipswitch.com/WS_FTP%20122/ReleaseNotes/English/index.htm?k_id=ipswitch_com_ftp_documents_worldwide_ws_ftp122releasenotesenglish#link23 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/53098 | vdb-entry, x_refsource_XF | |
| http://www.packetstormsecurity.org/0909-exploits/nocoolnameforawsftppoc.pl.txt | x_refsource_MISC | |
| http://www.exploit-db.com/exploits/9607 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securityfocus.com/bid/36297 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:25.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.ipswitch.com/WS_FTP%20122/ReleaseNotes/English/index.htm?k_id=ipswitch_com_ftp_documents_worldwide_ws_ftp122releasenotesenglish#link23"
},
{
"name": "wsftp-http-format-string(53098)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53098"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.packetstormsecurity.org/0909-exploits/nocoolnameforawsftppoc.pl.txt"
},
{
"name": "9607",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9607"
},
{
"name": "36297",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36297"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an HTTP response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.ipswitch.com/WS_FTP%20122/ReleaseNotes/English/index.htm?k_id=ipswitch_com_ftp_documents_worldwide_ws_ftp122releasenotesenglish#link23"
},
{
"name": "wsftp-http-format-string(53098)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53098"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.packetstormsecurity.org/0909-exploits/nocoolnameforawsftppoc.pl.txt"
},
{
"name": "9607",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9607"
},
{
"name": "36297",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36297"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an HTTP response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://docs.ipswitch.com/WS_FTP%20122/ReleaseNotes/English/index.htm?k_id=ipswitch_com_ftp_documents_worldwide_ws_ftp122releasenotesenglish#link23",
"refsource": "CONFIRM",
"url": "http://docs.ipswitch.com/WS_FTP%20122/ReleaseNotes/English/index.htm?k_id=ipswitch_com_ftp_documents_worldwide_ws_ftp122releasenotesenglish#link23"
},
{
"name": "wsftp-http-format-string(53098)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53098"
},
{
"name": "http://www.packetstormsecurity.org/0909-exploits/nocoolnameforawsftppoc.pl.txt",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.org/0909-exploits/nocoolnameforawsftppoc.pl.txt"
},
{
"name": "9607",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9607"
},
{
"name": "36297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36297"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4775",
"datePublished": "2010-04-21T14:00:00",
"dateReserved": "2010-04-21T00:00:00",
"dateUpdated": "2024-08-07T07:17:25.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4555 (GCVE-0-2007-4555)
Vulnerability from cvelistv5
Published
2007-08-28 00:00
Modified
2024-08-07 15:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows remote attackers to inject arbitrary web script or HTML via arguments to a valid command, which is not properly handled when it is displayed by the view log option in the administration interface. NOTE: this can be leveraged to create a new admin account.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/37961 | vdb-entry, x_refsource_OSVDB | |
| http://securityreason.com/securityalert/3068 | third-party-advisory, x_refsource_SREASON | |
| http://secunia.com/advisories/26529 | third-party-advisory, x_refsource_SECUNIA | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065441.html | mailing-list, x_refsource_FULLDISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36237 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37961",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37961"
},
{
"name": "3068",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3068"
},
{
"name": "26529",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26529"
},
{
"name": "20070823 Ipswitch FTP XSS leads to FTP server compromise",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065441.html"
},
{
"name": "ipswitch-wsftp-ftpcommand-xss(36237)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36237"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows remote attackers to inject arbitrary web script or HTML via arguments to a valid command, which is not properly handled when it is displayed by the view log option in the administration interface. NOTE: this can be leveraged to create a new admin account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37961",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37961"
},
{
"name": "3068",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3068"
},
{
"name": "26529",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26529"
},
{
"name": "20070823 Ipswitch FTP XSS leads to FTP server compromise",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065441.html"
},
{
"name": "ipswitch-wsftp-ftpcommand-xss(36237)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36237"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows remote attackers to inject arbitrary web script or HTML via arguments to a valid command, which is not properly handled when it is displayed by the view log option in the administration interface. NOTE: this can be leveraged to create a new admin account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37961",
"refsource": "OSVDB",
"url": "http://osvdb.org/37961"
},
{
"name": "3068",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3068"
},
{
"name": "26529",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26529"
},
{
"name": "20070823 Ipswitch FTP XSS leads to FTP server compromise",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065441.html"
},
{
"name": "ipswitch-wsftp-ftpcommand-xss(36237)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36237"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4555",
"datePublished": "2007-08-28T00:00:00",
"dateReserved": "2007-08-27T00:00:00",
"dateUpdated": "2024-08-07T15:01:09.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16513 (GCVE-0-2017-16513)
Vulnerability from cvelistv5
Published
2017-11-03 15:00
Modified
2024-08-05 20:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in the local search field and the backup locations field, aka WSCLT-1729.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.7elements.co.uk/resources/technical-advisories/ipswitch-ws_ftp-professional-local-buffer-overflow-seh-overwrite/ | x_refsource_MISC | |
| https://docs.ipswitch.com/WS_FTP126/ReleaseNotes/English/index.htm | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/43115/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:27:03.728Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.7elements.co.uk/resources/technical-advisories/ipswitch-ws_ftp-professional-local-buffer-overflow-seh-overwrite/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.ipswitch.com/WS_FTP126/ReleaseNotes/English/index.htm"
},
{
"name": "43115",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43115/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in the local search field and the backup locations field, aka WSCLT-1729."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-06T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.7elements.co.uk/resources/technical-advisories/ipswitch-ws_ftp-professional-local-buffer-overflow-seh-overwrite/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.ipswitch.com/WS_FTP126/ReleaseNotes/English/index.htm"
},
{
"name": "43115",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43115/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16513",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in the local search field and the backup locations field, aka WSCLT-1729."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.7elements.co.uk/resources/technical-advisories/ipswitch-ws_ftp-professional-local-buffer-overflow-seh-overwrite/",
"refsource": "MISC",
"url": "https://www.7elements.co.uk/resources/technical-advisories/ipswitch-ws_ftp-professional-local-buffer-overflow-seh-overwrite/"
},
{
"name": "https://docs.ipswitch.com/WS_FTP126/ReleaseNotes/English/index.htm",
"refsource": "MISC",
"url": "https://docs.ipswitch.com/WS_FTP126/ReleaseNotes/English/index.htm"
},
{
"name": "43115",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43115/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16513",
"datePublished": "2017-11-03T15:00:00",
"dateReserved": "2017-11-03T00:00:00",
"dateUpdated": "2024-08-05T20:27:03.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5693 (GCVE-0-2008-5693)
Vulnerability from cvelistv5
Published
2008-12-19 18:00
Modified
2024-08-07 11:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securityreason.com/securityalert/4799 | third-party-advisory, x_refsource_SREASON | |
| http://aluigi.altervista.org/adv/wsftpweblog-adv.txt | x_refsource_MISC | |
| http://www.securityfocus.com/bid/27654 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/487697/100/200/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/487686/100/200/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/47677 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:04:44.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4799",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4799"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/wsftpweblog-adv.txt"
},
{
"name": "27654",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27654"
},
{
"name": "20080206 Re: Logs visualization in WS_FTP Server Manager 6.1.0.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487697/100/200/threaded"
},
{
"name": "20080206 Logs visualization in WS_FTP Server Manager 6.1.0.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487686/100/200/threaded"
},
{
"name": "wsftpserver-wsftpsvr-info-disclosure(47677)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47677"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4799",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4799"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/wsftpweblog-adv.txt"
},
{
"name": "27654",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27654"
},
{
"name": "20080206 Re: Logs visualization in WS_FTP Server Manager 6.1.0.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487697/100/200/threaded"
},
{
"name": "20080206 Logs visualization in WS_FTP Server Manager 6.1.0.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487686/100/200/threaded"
},
{
"name": "wsftpserver-wsftpsvr-info-disclosure(47677)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47677"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4799",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4799"
},
{
"name": "http://aluigi.altervista.org/adv/wsftpweblog-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/wsftpweblog-adv.txt"
},
{
"name": "27654",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27654"
},
{
"name": "20080206 Re: Logs visualization in WS_FTP Server Manager 6.1.0.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487697/100/200/threaded"
},
{
"name": "20080206 Logs visualization in WS_FTP Server Manager 6.1.0.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487686/100/200/threaded"
},
{
"name": "wsftpserver-wsftpsvr-info-disclosure(47677)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47677"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5693",
"datePublished": "2008-12-19T18:00:00",
"dateReserved": "2008-12-19T00:00:00",
"dateUpdated": "2024-08-07T11:04:44.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3823 (GCVE-0-2007-3823)
Vulnerability from cvelistv5
Published
2007-07-17 01:00
Modified
2024-08-07 14:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows remote attackers to cause a denial of service (daemon crash) by sending a crafted packet containing a long string to port 5151/udp.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/26040 | third-party-advisory, x_refsource_SECUNIA | |
| http://packetstormsecurity.org/0707-advisories/wsftp75290-dos.txt | x_refsource_MISC | |
| http://www.osvdb.org/36218 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/35396 | vdb-entry, x_refsource_XF | |
| http://www.vdalabs.com/tools/ipswitch.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:52.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26040",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26040"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/0707-advisories/wsftp75290-dos.txt"
},
{
"name": "36218",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/36218"
},
{
"name": "ipswitch-ftplogserver-dos(35396)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35396"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vdalabs.com/tools/ipswitch.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows remote attackers to cause a denial of service (daemon crash) by sending a crafted packet containing a long string to port 5151/udp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26040",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26040"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/0707-advisories/wsftp75290-dos.txt"
},
{
"name": "36218",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/36218"
},
{
"name": "ipswitch-ftplogserver-dos(35396)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35396"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vdalabs.com/tools/ipswitch.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows remote attackers to cause a denial of service (daemon crash) by sending a crafted packet containing a long string to port 5151/udp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26040",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26040"
},
{
"name": "http://packetstormsecurity.org/0707-advisories/wsftp75290-dos.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0707-advisories/wsftp75290-dos.txt"
},
{
"name": "36218",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/36218"
},
{
"name": "ipswitch-ftplogserver-dos(35396)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35396"
},
{
"name": "http://www.vdalabs.com/tools/ipswitch.html",
"refsource": "MISC",
"url": "http://www.vdalabs.com/tools/ipswitch.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3823",
"datePublished": "2007-07-17T01:00:00",
"dateReserved": "2007-07-16T00:00:00",
"dateUpdated": "2024-08-07T14:28:52.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5692 (GCVE-0-2008-5692)
Vulnerability from cvelistv5
Published
2008-12-19 18:00
Modified
2024-08-07 11:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securityreason.com/securityalert/4799 | third-party-advisory, x_refsource_SREASON | |
| http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2008/0473 | vdb-entry, x_refsource_VUPEN | |
| http://aluigi.altervista.org/adv/wsftpweblog-adv.txt | x_refsource_MISC | |
| http://www.securityfocus.com/bid/27654 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/487697/100/200/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/487686/100/200/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/28822 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:04:44.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4799",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4799"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12"
},
{
"name": "ADV-2008-0473",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0473"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/wsftpweblog-adv.txt"
},
{
"name": "27654",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27654"
},
{
"name": "20080206 Re: Logs visualization in WS_FTP Server Manager 6.1.0.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487697/100/200/threaded"
},
{
"name": "20080206 Logs visualization in WS_FTP Server Manager 6.1.0.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487686/100/200/threaded"
},
{
"name": "28822",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28822"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4799",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4799"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12"
},
{
"name": "ADV-2008-0473",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0473"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/wsftpweblog-adv.txt"
},
{
"name": "27654",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27654"
},
{
"name": "20080206 Re: Logs visualization in WS_FTP Server Manager 6.1.0.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487697/100/200/threaded"
},
{
"name": "20080206 Logs visualization in WS_FTP Server Manager 6.1.0.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487686/100/200/threaded"
},
{
"name": "28822",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28822"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4799",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4799"
},
{
"name": "http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12",
"refsource": "CONFIRM",
"url": "http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12"
},
{
"name": "ADV-2008-0473",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0473"
},
{
"name": "http://aluigi.altervista.org/adv/wsftpweblog-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/wsftpweblog-adv.txt"
},
{
"name": "27654",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27654"
},
{
"name": "20080206 Re: Logs visualization in WS_FTP Server Manager 6.1.0.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487697/100/200/threaded"
},
{
"name": "20080206 Logs visualization in WS_FTP Server Manager 6.1.0.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487686/100/200/threaded"
},
{
"name": "28822",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28822"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5692",
"datePublished": "2008-12-19T18:00:00",
"dateReserved": "2008-12-19T00:00:00",
"dateUpdated": "2024-08-07T11:04:44.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2213 (GCVE-0-2007-2213)
Vulnerability from cvelistv5
Published
2007-04-24 20:00
Modified
2024-08-07 13:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in the Initialize function in NetscapeFTPHandler in WS_FTP Home and Professional 2007 allows remote attackers to cause a denial of service (NULL dereference and application crash) via unspecified vectors related to "improper arguments."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/466647/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/466576/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/23584 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/33846 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:23:51.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070422 Re: WS_FTP Home 2007 NetscapeFTPHandler denial of service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/466647/100/0/threaded"
},
{
"name": "20070421 WS_FTP Home 2007 NetscapeFTPHandler denial of service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/466576/100/0/threaded"
},
{
"name": "23584",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23584"
},
{
"name": "wsftp-netscapeftphandler-dos(33846)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33846"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Initialize function in NetscapeFTPHandler in WS_FTP Home and Professional 2007 allows remote attackers to cause a denial of service (NULL dereference and application crash) via unspecified vectors related to \"improper arguments.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070422 Re: WS_FTP Home 2007 NetscapeFTPHandler denial of service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/466647/100/0/threaded"
},
{
"name": "20070421 WS_FTP Home 2007 NetscapeFTPHandler denial of service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/466576/100/0/threaded"
},
{
"name": "23584",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23584"
},
{
"name": "wsftp-netscapeftphandler-dos(33846)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33846"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Initialize function in NetscapeFTPHandler in WS_FTP Home and Professional 2007 allows remote attackers to cause a denial of service (NULL dereference and application crash) via unspecified vectors related to \"improper arguments.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070422 Re: WS_FTP Home 2007 NetscapeFTPHandler denial of service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/466647/100/0/threaded"
},
{
"name": "20070421 WS_FTP Home 2007 NetscapeFTPHandler denial of service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/466576/100/0/threaded"
},
{
"name": "23584",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23584"
},
{
"name": "wsftp-netscapeftphandler-dos(33846)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33846"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2213",
"datePublished": "2007-04-24T20:00:00",
"dateReserved": "2007-04-24T00:00:00",
"dateUpdated": "2024-08-07T13:23:51.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0608 (GCVE-0-2008-0608)
Vulnerability from cvelistv5
Published
2008-02-06 11:00
Modified
2024-08-07 07:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in IPSwitch WS_FTP 6.1 allows remote attackers to cause a denial of service (loss of responsiveness) via a large number of large packets to port 5151/udp, which causes the listening socket to terminate and prevents log commands from being recorded, a different vulnerability than CVE-2007-3823.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/0408 | vdb-entry, x_refsource_VUPEN | |
| http://aluigi.altervista.org/adv/ftplogsrvz-adv.txt | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/487506/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/27612 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/28761 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:54:23.070Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-0408",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0408"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/ftplogsrvz-adv.txt"
},
{
"name": "20080204 Socket termination in FTP Log Server 7.9.14.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487506/100/0/threaded"
},
{
"name": "27612",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27612"
},
{
"name": "28761",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28761"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in IPSwitch WS_FTP 6.1 allows remote attackers to cause a denial of service (loss of responsiveness) via a large number of large packets to port 5151/udp, which causes the listening socket to terminate and prevents log commands from being recorded, a different vulnerability than CVE-2007-3823."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-0408",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0408"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/ftplogsrvz-adv.txt"
},
{
"name": "20080204 Socket termination in FTP Log Server 7.9.14.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487506/100/0/threaded"
},
{
"name": "27612",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27612"
},
{
"name": "28761",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28761"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in IPSwitch WS_FTP 6.1 allows remote attackers to cause a denial of service (loss of responsiveness) via a large number of large packets to port 5151/udp, which causes the listening socket to terminate and prevents log commands from being recorded, a different vulnerability than CVE-2007-3823."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-0408",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0408"
},
{
"name": "http://aluigi.altervista.org/adv/ftplogsrvz-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/ftplogsrvz-adv.txt"
},
{
"name": "20080204 Socket termination in FTP Log Server 7.9.14.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487506/100/0/threaded"
},
{
"name": "27612",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27612"
},
{
"name": "28761",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28761"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0608",
"datePublished": "2008-02-06T11:00:00",
"dateReserved": "2008-02-05T00:00:00",
"dateUpdated": "2024-08-07T07:54:23.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2008-02-06 12:00
Modified
2025-04-09 00:30
Severity ?
Summary
The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in IPSwitch WS_FTP 6.1 allows remote attackers to cause a denial of service (loss of responsiveness) via a large number of large packets to port 5151/udp, which causes the listening socket to terminate and prevents log commands from being recorded, a different vulnerability than CVE-2007-3823.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "393C0E38-2520-48CC-9484-1264B37BD0C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in IPSwitch WS_FTP 6.1 allows remote attackers to cause a denial of service (loss of responsiveness) via a large number of large packets to port 5151/udp, which causes the listening socket to terminate and prevents log commands from being recorded, a different vulnerability than CVE-2007-3823."
},
{
"lang": "es",
"value": "El Logging Server (ftplogsrv.exe) 7.9.14.0 y versiones anteriores en IPSwitch WS_FTP 6.1. Permite a atacantes remotos provocar una denegaci\u00f3n de servicio (p\u00e9rdida de receptividad) a trav\u00e9s de un gran n\u00famero de paquetes grandes al puerto 5151/udp, lo que provoca que el socket que est\u00e1 a la escucha termine y evite que comandos de log se guarden, una vulnerabilidad distinta a CVE-2007-3823."
}
],
"id": "CVE-2008-0608",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-02-06T12:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://aluigi.altervista.org/adv/ftplogsrvz-adv.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28761"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/487506/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27612"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0408"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://aluigi.altervista.org/adv/ftplogsrvz-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/487506/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27612"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0408"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-08-28 00:17
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows remote attackers to inject arbitrary web script or HTML via arguments to a valid command, which is not properly handled when it is displayed by the view log option in the administration interface. NOTE: this can be leveraged to create a new admin account.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "494CEE79-DCBA-43AF-8EA7-F032A838F76C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows remote attackers to inject arbitrary web script or HTML via arguments to a valid command, which is not properly handled when it is displayed by the view log option in the administration interface. NOTE: this can be leveraged to create a new admin account."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en Ipswitch WS_FTP permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de los argumentos en un comandos v\u00e1lido, el cual no es manejado de forma adecuada cuando se muestra por la vista de la opci\u00f3n de log en la interfaz de administrador. NOTA: esto podr\u00eda solaparse con la creaci\u00f3n de una nueva cuenta de admin."
}
],
"id": "CVE-2007-4555",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-08-28T00:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065441.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/37961"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26529"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3068"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36237"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065441.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/37961"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26529"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36237"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-07-17 01:30
Modified
2025-04-09 00:30
Severity ?
Summary
The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows remote attackers to cause a denial of service (daemon crash) by sending a crafted packet containing a long string to port 5151/udp.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:7.5.29.0:*:*:*:*:*:*:*",
"matchCriteriaId": "98FAB123-D88A-4572-8CAE-D9822A6C48F6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows remote attackers to cause a denial of service (daemon crash) by sending a crafted packet containing a long string to port 5151/udp."
},
{
"lang": "es",
"value": "The Logging Server (Logsrv.exe) en IPSwitch WS_FTP 7.5.29.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) enviando un paquete artesanal que contiene una cadena larga al puerto 5151/udp."
}
],
"id": "CVE-2007-3823",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-07-17T01:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.org/0707-advisories/wsftp75290-dos.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26040"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/36218"
},
{
"source": "cve@mitre.org",
"url": "http://www.vdalabs.com/tools/ipswitch.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.org/0707-advisories/wsftp75290-dos.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/36218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vdalabs.com/tools/ipswitch.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35396"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-12-19 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ipswitch | ws_ftp | * | |
| ipswitch | ws_ftp | 1.0.5 | |
| ipswitch | ws_ftp | 2.01 | |
| ipswitch | ws_ftp | 2.02 | |
| ipswitch | ws_ftp | 2.03 | |
| ipswitch | ws_ftp | 3.0 | |
| ipswitch | ws_ftp | 3.0.1 | |
| ipswitch | ws_ftp | 3.1.0 | |
| ipswitch | ws_ftp | 3.1.1 | |
| ipswitch | ws_ftp | 3.1.2 | |
| ipswitch | ws_ftp | 3.1.3 | |
| ipswitch | ws_ftp | 3.14 | |
| ipswitch | ws_ftp | 4.00 | |
| ipswitch | ws_ftp | 4.01 | |
| ipswitch | ws_ftp | 4.02 | |
| ipswitch | ws_ftp | 5.00 | |
| ipswitch | ws_ftp | 5.01 | |
| ipswitch | ws_ftp | 5.02 | |
| ipswitch | ws_ftp | 5.03 | |
| ipswitch | ws_ftp | 5.04 | |
| ipswitch | ws_ftp | 5.05 | |
| ipswitch | ws_ftp | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "898F836A-4413-4A14-9D99-E15CE2AF7660",
"versionEndIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89C81A58-330F-41DC-BEF7-A5850D5DF0D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "69ADEDB9-99B5-4F1D-8D3F-CFAB6CA8DED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "BFBC2FE5-2367-4F08-B939-9F3F96356BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:2.03:*:*:*:*:*:*:*",
"matchCriteriaId": "EE467C51-6B92-4291-BF49-14422E5FE719",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "40483FCD-0111-4950-8CAA-BE55DC3161D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "097E2EC7-83DB-47B1-BA69-0234FB2EC9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F87D07A-769A-4D5F-8EAB-3A2FF877DD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1329DB51-5871-4B3C-800D-EA0B99655862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "440A634D-31F4-4B1A-8CAC-42368CBED0E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B010EF-AA23-4297-B523-A6909E689D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "5ABD7295-9DB0-418E-ACCB-8623AA44AD39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "155FCE9D-EA9C-48FF-9A07-49DD2232D2EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:4.01:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF2984F-1130-42A3-89F4-AB1CB1E5A4BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:4.02:*:*:*:*:*:*:*",
"matchCriteriaId": "81332CD2-A180-4D79-BA79-6B5FD560CC78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:5.00:*:*:*:*:*:*:*",
"matchCriteriaId": "06DAC70D-AA7E-4F18-82CD-8EB93C64B1B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "A37736C6-D729-41AC-BABD-2FBAC371E777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:5.02:*:*:*:*:*:*:*",
"matchCriteriaId": "F6E87011-C9AA-4D52-A8F1-E3172B635929",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:5.03:*:*:*:*:*:*:*",
"matchCriteriaId": "4E2AB91D-0EFB-4E20-978D-D38168F4BFBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:5.04:*:*:*:*:*:*:*",
"matchCriteriaId": "3EBA8A91-2C2D-4C50-AFD1-898C9C79C5F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:5.05:*:*:*:*:*:*:*",
"matchCriteriaId": "32212E07-9A0F-4E03-A83F-82D11BA0A256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0C1CC7B-B4F9-4F15-8EAC-033119C5DA37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name."
},
{
"lang": "es",
"value": "Ipswitch WS_FTP Server Manager anterior a la version 6.1.1, y posiblemente otros productos de Ipswitch, permite a atacantes remotos eludir la autenticaci\u00f3n y leer los logs a trav\u00e9s de una acci\u00f3n logLogout a FTPLogServer/login.asp seguido por una solicitud de FTPLogServer/LogViewer.asp con el nombre de cuenta localhostnull."
}
],
"id": "CVE-2008-5692",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-12-19T18:30:00.407",
"references": [
{
"source": "cve@mitre.org",
"url": "http://aluigi.altervista.org/adv/wsftpweblog-adv.txt"
},
{
"source": "cve@mitre.org",
"url": "http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28822"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4799"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/487686/100/200/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/487697/100/200/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27654"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://aluigi.altervista.org/adv/wsftpweblog-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/487686/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/487697/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0473"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-04-21 14:30
Modified
2025-04-11 00:51
Severity ?
Summary
Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an HTTP response.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:12.0:-:home:*:*:*:*:*",
"matchCriteriaId": "826CDF0D-CA1B-44F7-9D8F-CAC5BF28F515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:12.0:-:pro:*:*:*:*:*",
"matchCriteriaId": "6EC946E4-B2F9-4406-8D0F-98A05AEF7F53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:12.0.1:-:home:*:*:*:*:*",
"matchCriteriaId": "F1D62B51-9B90-4377-AD99-7F97B66C29A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:12.0.1:-:pro:*:*:*:*:*",
"matchCriteriaId": "675B149F-8864-48E6-B813-E09BA2679013",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an HTTP response."
},
{
"lang": "es",
"value": "Vulnerabilidad de formato de cadena en Ipswitch WS_FTP Professional v12 anterior a v12.2, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de especificadores de formato de cadena en el \"status code\" de una respuesta HTTP."
}
],
"id": "CVE-2009-4775",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-04-21T14:30:00.507",
"references": [
{
"source": "cve@mitre.org",
"url": "http://docs.ipswitch.com/WS_FTP%20122/ReleaseNotes/English/index.htm?k_id=ipswitch_com_ftp_documents_worldwide_ws_ftp122releasenotesenglish#link23"
},
{
"source": "cve@mitre.org",
"url": "http://www.exploit-db.com/exploits/9607"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.packetstormsecurity.org/0909-exploits/nocoolnameforawsftppoc.pl.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/36297"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.ipswitch.com/WS_FTP%20122/ReleaseNotes/English/index.htm?k_id=ipswitch_com_ftp_documents_worldwide_ws_ftp122releasenotesenglish#link23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/9607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.packetstormsecurity.org/0909-exploits/nocoolnameforawsftppoc.pl.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/36297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53098"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-04-24 20:19
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the Initialize function in NetscapeFTPHandler in WS_FTP Home and Professional 2007 allows remote attackers to cause a denial of service (NULL dereference and application crash) via unspecified vectors related to "improper arguments."
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:2007:*:home:*:*:*:*:*",
"matchCriteriaId": "074C6496-2B5E-4C69-A2B1-2F62B07CF12C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:2007:*:professional:*:*:*:*:*",
"matchCriteriaId": "F5E699FC-ACB6-41E9-8C69-279801F58D5C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Initialize function in NetscapeFTPHandler in WS_FTP Home and Professional 2007 allows remote attackers to cause a denial of service (NULL dereference and application crash) via unspecified vectors related to \"improper arguments.\""
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la funci\u00f3n Initialize en NetscapeFTPHandler en WS_FTP Home y Professional 2007 permite a atacantes remotos provocar denegaci\u00f3n de servicio (referencia NULL y caida de aplicaci\u00f3n) a trav\u00e9s de vectores no especificados relacionado con \"argumentos impropios\"."
}
],
"id": "CVE-2007-2213",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-04-24T20:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/466576/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/466647/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/23584"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33846"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/466576/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/466647/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33846"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-03 15:29
Modified
2025-04-20 01:37
Severity ?
Summary
Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in the local search field and the backup locations field, aka WSCLT-1729.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://docs.ipswitch.com/WS_FTP126/ReleaseNotes/English/index.htm | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.7elements.co.uk/resources/technical-advisories/ipswitch-ws_ftp-professional-local-buffer-overflow-seh-overwrite/ | Exploit, Technical Description, Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/43115/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.ipswitch.com/WS_FTP126/ReleaseNotes/English/index.htm | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.7elements.co.uk/resources/technical-advisories/ipswitch-ws_ftp-professional-local-buffer-overflow-seh-overwrite/ | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/43115/ | Exploit, Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:*:*:*:*:professional:*:*:*",
"matchCriteriaId": "02DEA318-E3F7-4283-AD1C-84F100282A3A",
"versionEndExcluding": "12.6.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in the local search field and the backup locations field, aka WSCLT-1729."
},
{
"lang": "es",
"value": "Ipswitch WS_FTP Professional en versiones anteriores a la 12.6.0.3 incluye desbordamientos de b\u00fafer en el campo de b\u00fasqueda local y el campo de localizaciones de copias de seguridad. Esto tambi\u00e9n se conoce como WSCLT-1729."
}
],
"id": "CVE-2017-16513",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-03T15:29:00.187",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.ipswitch.com/WS_FTP126/ReleaseNotes/English/index.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.7elements.co.uk/resources/technical-advisories/ipswitch-ws_ftp-professional-local-buffer-overflow-seh-overwrite/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43115/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.ipswitch.com/WS_FTP126/ReleaseNotes/English/index.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.7elements.co.uk/resources/technical-advisories/ipswitch-ws_ftp-professional-local-buffer-overflow-seh-overwrite/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43115/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-12-19 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ipswitch | ws_ftp | * | |
| ipswitch | ws_ftp | 1.0.5 | |
| ipswitch | ws_ftp | 2.01 | |
| ipswitch | ws_ftp | 2.02 | |
| ipswitch | ws_ftp | 2.03 | |
| ipswitch | ws_ftp | 3.0 | |
| ipswitch | ws_ftp | 3.0.1 | |
| ipswitch | ws_ftp | 3.1.0 | |
| ipswitch | ws_ftp | 3.1.1 | |
| ipswitch | ws_ftp | 3.1.2 | |
| ipswitch | ws_ftp | 3.1.3 | |
| ipswitch | ws_ftp | 3.14 | |
| ipswitch | ws_ftp | 4.00 | |
| ipswitch | ws_ftp | 4.01 | |
| ipswitch | ws_ftp | 4.02 | |
| ipswitch | ws_ftp | 5.00 | |
| ipswitch | ws_ftp | 5.01 | |
| ipswitch | ws_ftp | 5.02 | |
| ipswitch | ws_ftp | 5.03 | |
| ipswitch | ws_ftp | 5.04 | |
| ipswitch | ws_ftp | 5.05 | |
| ipswitch | ws_ftp | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "898F836A-4413-4A14-9D99-E15CE2AF7660",
"versionEndIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89C81A58-330F-41DC-BEF7-A5850D5DF0D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "69ADEDB9-99B5-4F1D-8D3F-CFAB6CA8DED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "BFBC2FE5-2367-4F08-B939-9F3F96356BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:2.03:*:*:*:*:*:*:*",
"matchCriteriaId": "EE467C51-6B92-4291-BF49-14422E5FE719",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "40483FCD-0111-4950-8CAA-BE55DC3161D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "097E2EC7-83DB-47B1-BA69-0234FB2EC9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F87D07A-769A-4D5F-8EAB-3A2FF877DD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1329DB51-5871-4B3C-800D-EA0B99655862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "440A634D-31F4-4B1A-8CAC-42368CBED0E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B010EF-AA23-4297-B523-A6909E689D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "5ABD7295-9DB0-418E-ACCB-8623AA44AD39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "155FCE9D-EA9C-48FF-9A07-49DD2232D2EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:4.01:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF2984F-1130-42A3-89F4-AB1CB1E5A4BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:4.02:*:*:*:*:*:*:*",
"matchCriteriaId": "81332CD2-A180-4D79-BA79-6B5FD560CC78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:5.00:*:*:*:*:*:*:*",
"matchCriteriaId": "06DAC70D-AA7E-4F18-82CD-8EB93C64B1B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "A37736C6-D729-41AC-BABD-2FBAC371E777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:5.02:*:*:*:*:*:*:*",
"matchCriteriaId": "F6E87011-C9AA-4D52-A8F1-E3172B635929",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:5.03:*:*:*:*:*:*:*",
"matchCriteriaId": "4E2AB91D-0EFB-4E20-978D-D38168F4BFBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:5.04:*:*:*:*:*:*:*",
"matchCriteriaId": "3EBA8A91-2C2D-4C50-AFD1-898C9C79C5F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:5.05:*:*:*:*:*:*:*",
"matchCriteriaId": "32212E07-9A0F-4E03-A83F-82D11BA0A256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipswitch:ws_ftp:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0C1CC7B-B4F9-4F15-8EAC-033119C5DA37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character."
},
{
"lang": "es",
"value": "Ipswitch WS_FTP Server Manager 6.1.0.0 y anteriores, y posiblemente otros productos de Ipswitch, podr\u00eda permitir a atacantes remotos leer el contenido de ficheros ASP en WSFTPSVR/ a trav\u00e9s de una solicitud con un car\u00e1cter punto al final."
}
],
"id": "CVE-2008-5693",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-12-19T18:30:00.437",
"references": [
{
"source": "cve@mitre.org",
"url": "http://aluigi.altervista.org/adv/wsftpweblog-adv.txt"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4799"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/487686/100/200/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/487697/100/200/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27654"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://aluigi.altervista.org/adv/wsftpweblog-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/487686/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/487697/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47677"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}