28 vulnerabilities found for SurgeFTP by Netwin
CVE-2012-10028 (GCVE-0-2012-10028)
Vulnerability from cvelistv5 – Published: 2025-08-05 20:04 – Updated: 2026-05-15 11:13
Title
Netwin SurgeFTP <= v23c8 Authenticated RCE
Summary
Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests to `surgeftpmgr.cgi`. This can lead to full remote code execution on the underlying system.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://raw.githubusercontent.com/rapid7/metasplo… | exploit |
| https://www.exploit-db.com/exploits/23522 | exploit |
| https://www.exploit-db.com/exploits/23601 | exploit |
| https://netwinsite.com/surgeftp/ | product |
| https://www.vulncheck.com/advisories/netwin-surge… | third-party-advisory |
Date Public
2012-12-20 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2012-10028",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-07T15:49:54.720390Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T15:49:58.666Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/netwin_surgeftp_exec.rb"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/23522"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/23601"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"surgeftpmgr.cgi"
],
"product": "SurgeFTP",
"vendor": "Netwin",
"versions": [
{
"lessThanOrEqual": "23c8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netwin:surgeftp:*:*:*:*:*:*:*:*",
"versionEndIncluding": "23c8",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Spencer McIntyre"
}
],
"datePublic": "2012-12-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests to `surgeftpmgr.cgi`. This can lead to full remote code execution on the underlying system."
}
],
"value": "Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests to `surgeftpmgr.cgi`. This can lead to full remote code execution on the underlying system."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T11:13:55.331Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/netwin_surgeftp_exec.rb"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/23522"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/23601"
},
{
"tags": [
"product"
],
"url": "https://netwinsite.com/surgeftp/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/netwin-surgeftp-auth-rce"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Netwin SurgeFTP \u003c= v23c8 Authenticated RCE",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2012-10028",
"datePublished": "2025-08-05T20:04:20.181Z",
"dateReserved": "2025-08-05T16:05:41.764Z",
"dateUpdated": "2026-05-15T11:13:55.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2017-17933 (GCVE-0-2017-17933)
Vulnerability from cvelistv5 – Published: 2017-12-29 18:00 – Updated: 2024-08-05 21:06
Summary
cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://packetstormsecurity.com/files/145572/NetW… | x_refsource_MISC |
Date Public
2017-12-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:06:49.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/145572/NetWin-SurgeFTP-23f2-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-29T17:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/145572/NetWin-SurgeFTP-23f2-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/145572/NetWin-SurgeFTP-23f2-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/145572/NetWin-SurgeFTP-23f2-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17933",
"datePublished": "2017-12-29T18:00:00.000Z",
"dateReserved": "2017-12-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T21:06:49.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4742 (GCVE-0-2013-4742)
Vulnerability from cvelistv5 – Published: 2013-08-09 21:00 – Updated: 2024-08-06 16:52
Summary
Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/54188 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://osvdb.org/95582 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/bid/61403 | vdb-entry, x_refsource_BID |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-list, x_refsource_BUGTRAQ |
Date Public
2013-07-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "54188",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54188"
},
{
"name": "surgeftp-cve20134742-vfprint-bo(85922)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85922"
},
{
"name": "95582",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/95582"
},
{
"name": "61403",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61403"
},
{
"name": "20130722 SurgeFtp Server BufferOverflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0149.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "54188",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54188"
},
{
"name": "surgeftp-cve20134742-vfprint-bo(85922)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85922"
},
{
"name": "95582",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/95582"
},
{
"name": "61403",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61403"
},
{
"name": "20130722 SurgeFtp Server BufferOverflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0149.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4742",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54188",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54188"
},
{
"name": "surgeftp-cve20134742-vfprint-bo(85922)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85922"
},
{
"name": "95582",
"refsource": "OSVDB",
"url": "http://osvdb.org/95582"
},
{
"name": "61403",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61403"
},
{
"name": "20130722 SurgeFtp Server BufferOverflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0149.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4742",
"datePublished": "2013-08-09T21:00:00.000Z",
"dateReserved": "2013-07-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:52:27.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1068 (GCVE-0-2010-1068)
Vulnerability from cvelistv5 – Published: 2010-03-23 18:00 – Updated: 2024-08-07 01:14
Summary
Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in a class action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/38097 | third-party-advisory, x_refsource_SECUNIA |
| http://www.exploit-db.com/exploits/11092 | exploit, x_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://packetstormsecurity.org/1001-exploits/surg… | x_refsource_MISC |
Date Public
2010-01-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:14:05.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38097",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38097"
},
{
"name": "11092",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/11092"
},
{
"name": "surgeftp-surgeftpmgr-xss(55509)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55509"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/1001-exploits/surgeftp-xss.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in a class action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38097",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38097"
},
{
"name": "11092",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/11092"
},
{
"name": "surgeftp-surgeftpmgr-xss(55509)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55509"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/1001-exploits/surgeftp-xss.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in a class action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38097",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38097"
},
{
"name": "11092",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11092"
},
{
"name": "surgeftp-surgeftpmgr-xss(55509)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55509"
},
{
"name": "http://packetstormsecurity.org/1001-exploits/surgeftp-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1001-exploits/surgeftp-xss.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1068",
"datePublished": "2010-03-23T18:00:00.000Z",
"dateReserved": "2010-03-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T01:14:05.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1052 (GCVE-0-2008-1052)
Vulnerability from cvelistv5 – Published: 2008-02-27 19:00 – Updated: 2024-08-07 08:08
Summary
The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/488745/100… | mailing-list, x_refsource_BUGTRAQ |
| http://secunia.com/advisories/29096 | third-party-advisory, x_refsource_SECUNIA |
| http://aluigi.altervista.org/adv/surgeftpizza-adv.txt | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://securityreason.com/securityalert/3704 | third-party-advisory, x_refsource_SREASON |
| http://www.securityfocus.com/bid/27993 | vdb-entry, x_refsource_BID |
Date Public
2008-02-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:08:57.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080225 NULL pointer in SurgeFTP 2.3a2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488745/100/0/threaded"
},
{
"name": "29096",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29096"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/surgeftpizza-adv.txt"
},
{
"name": "surgeftp-contentlength-dos(40843)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40843"
},
{
"name": "3704",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3704"
},
{
"name": "27993",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27993"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080225 NULL pointer in SurgeFTP 2.3a2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488745/100/0/threaded"
},
{
"name": "29096",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29096"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/surgeftpizza-adv.txt"
},
{
"name": "surgeftp-contentlength-dos(40843)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40843"
},
{
"name": "3704",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3704"
},
{
"name": "27993",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27993"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080225 NULL pointer in SurgeFTP 2.3a2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488745/100/0/threaded"
},
{
"name": "29096",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29096"
},
{
"name": "http://aluigi.altervista.org/adv/surgeftpizza-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/surgeftpizza-adv.txt"
},
{
"name": "surgeftp-contentlength-dos(40843)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40843"
},
{
"name": "3704",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3704"
},
{
"name": "27993",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27993"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1052",
"datePublished": "2008-02-27T19:00:00.000Z",
"dateReserved": "2008-02-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:08:57.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3769 (GCVE-0-2007-3769)
Vulnerability from cvelistv5 – Published: 2007-07-15 21:00 – Updated: 2024-08-07 14:28
Summary
Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. NOTE: this can be leveraged for root access via a sequence of steps involving web script that creates a new FTP user account.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/26061 | third-party-advisory, x_refsource_SECUNIA |
| http://lists.grok.org.uk/pipermail/full-disclosur… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://www.vupen.com/english/advisories/2007/2528 | vdb-entry, x_refsource_VUPEN |
| http://osvdb.org/37911 | vdb-entry, x_refsource_OSVDB |
| http://marc.info/?l=full-disclosure&m=11840953900… | mailing-list, x_refsource_FULLDISC |
Date Public
2007-07-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:52.476Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26061",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26061"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0031.txt"
},
{
"name": "surgeftp-error-xss(35378)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35378"
},
{
"name": "ADV-2007-2528",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2528"
},
{
"name": "37911",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37911"
},
{
"name": "20070710 Portcullis Computer Security Ltd - Advisories",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=118409539009277\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. NOTE: this can be leveraged for root access via a sequence of steps involving web script that creates a new FTP user account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26061",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26061"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0031.txt"
},
{
"name": "surgeftp-error-xss(35378)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35378"
},
{
"name": "ADV-2007-2528",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2528"
},
{
"name": "37911",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37911"
},
{
"name": "20070710 Portcullis Computer Security Ltd - Advisories",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=118409539009277\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. NOTE: this can be leveraged for root access via a sequence of steps involving web script that creates a new FTP user account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26061",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26061"
},
{
"name": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0031.txt",
"refsource": "MISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0031.txt"
},
{
"name": "surgeftp-error-xss(35378)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35378"
},
{
"name": "ADV-2007-2528",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2528"
},
{
"name": "37911",
"refsource": "OSVDB",
"url": "http://osvdb.org/37911"
},
{
"name": "20070710 Portcullis Computer Security Ltd - Advisories",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=118409539009277\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3769",
"datePublished": "2007-07-15T21:00:00.000Z",
"dateReserved": "2007-07-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:28:52.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3768 (GCVE-0-2007-3768)
Vulnerability from cvelistv5 – Published: 2007-07-15 21:00 – Updated: 2024-08-07 14:28
Summary
The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/26061 | third-party-advisory, x_refsource_SECUNIA |
| http://osvdb.org/37909 | vdb-entry, x_refsource_OSVDB |
| http://securityreason.com/securityalert/2883 | third-party-advisory, x_refsource_SREASON |
| http://www.vupen.com/english/advisories/2007/2528 | vdb-entry, x_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://lists.grok.org.uk/pipermail/full-disclosur… | x_refsource_MISC |
| http://marc.info/?l=full-disclosure&m=11840953900… | mailing-list, x_refsource_FULLDISC |
Date Public
2007-07-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:52.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26061",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26061"
},
{
"name": "37909",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37909"
},
{
"name": "2883",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2883"
},
{
"name": "ADV-2007-2528",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2528"
},
{
"name": "surgeftp-pasv-dos(35376)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35376"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0030.txt"
},
{
"name": "20070710 Portcullis Computer Security Ltd - Advisories",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=118409539009277\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26061",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26061"
},
{
"name": "37909",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37909"
},
{
"name": "2883",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2883"
},
{
"name": "ADV-2007-2528",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2528"
},
{
"name": "surgeftp-pasv-dos(35376)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35376"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0030.txt"
},
{
"name": "20070710 Portcullis Computer Security Ltd - Advisories",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=118409539009277\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26061",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26061"
},
{
"name": "37909",
"refsource": "OSVDB",
"url": "http://osvdb.org/37909"
},
{
"name": "2883",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2883"
},
{
"name": "ADV-2007-2528",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2528"
},
{
"name": "surgeftp-pasv-dos(35376)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35376"
},
{
"name": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0030.txt",
"refsource": "MISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0030.txt"
},
{
"name": "20070710 Portcullis Computer Security Ltd - Advisories",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=118409539009277\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3768",
"datePublished": "2007-07-15T21:00:00.000Z",
"dateReserved": "2007-07-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:28:52.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1034 (GCVE-0-2005-1034)
Vulnerability from cvelistv5 – Published: 2005-04-09 04:00 – Updated: 2024-08-07 21:35
VLAI
Summary
SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1013664 | vdb-entry, x_refsource_SECTRACK |
| http://www.security.org.sg/vuln/surgeftp22m1.html | x_refsource_MISC |
| http://www.securityfocus.com/bid/13054 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/14888 | third-party-advisory, x_refsource_SECUNIA |
| http://marc.info/?l=bugtraq&m=111289226204780&w=2 | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/20011 | vdb-entry, x_refsource_XF |
Date Public
2005-04-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:35:59.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1013664",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013664"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.security.org.sg/vuln/surgeftp22m1.html"
},
{
"name": "13054",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13054"
},
{
"name": "14888",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14888"
},
{
"name": "20050407 [SIG^2 G-TEC] SurgeFTP LEAK Command Denial-Of-Service Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111289226204780\u0026w=2"
},
{
"name": "surgeftp-leak-ftp-dos(20011)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1013664",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013664"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.security.org.sg/vuln/surgeftp22m1.html"
},
{
"name": "13054",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13054"
},
{
"name": "14888",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14888"
},
{
"name": "20050407 [SIG^2 G-TEC] SurgeFTP LEAK Command Denial-Of-Service Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111289226204780\u0026w=2"
},
{
"name": "surgeftp-leak-ftp-dos(20011)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20011"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1013664",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013664"
},
{
"name": "http://www.security.org.sg/vuln/surgeftp22m1.html",
"refsource": "MISC",
"url": "http://www.security.org.sg/vuln/surgeftp22m1.html"
},
{
"name": "13054",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13054"
},
{
"name": "14888",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14888"
},
{
"name": "20050407 [SIG^2 G-TEC] SurgeFTP LEAK Command Denial-Of-Service Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111289226204780\u0026w=2"
},
{
"name": "surgeftp-leak-ftp-dos(20011)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20011"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1034",
"datePublished": "2005-04-09T04:00:00.000Z",
"dateReserved": "2005-04-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:35:59.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1356 (GCVE-0-2001-1356)
Vulnerability from cvelistv5 – Published: 2002-06-11 04:00 – Updated: 2024-08-08 04:51
VLAI
Summary
NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.iss.net/security_center/static/6961.php | vdb-entry, x_refsource_XF |
| http://online.securityfocus.com/archive/1/201951 | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/3157 | vdb-entry, x_refsource_BID |
Date Public
2001-08-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:51:08.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "surgeftp-weak-password-encryption(6961)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/6961.php"
},
{
"name": "20010804 SurgeFTP admin account bruteforcable",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/201951"
},
{
"name": "3157",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3157"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-08-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-06-15T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "surgeftp-weak-password-encryption(6961)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/6961.php"
},
{
"name": "20010804 SurgeFTP admin account bruteforcable",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/201951"
},
{
"name": "3157",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3157"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "surgeftp-weak-password-encryption(6961)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/6961.php"
},
{
"name": "20010804 SurgeFTP admin account bruteforcable",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/201951"
},
{
"name": "3157",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3157"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1356",
"datePublished": "2002-06-11T04:00:00.000Z",
"dateReserved": "2002-06-07T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:51:08.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1354 (GCVE-0-2001-1354)
Vulnerability from cvelistv5 – Published: 2002-06-11 04:00 – Updated: 2024-08-08 04:51
VLAI
Summary
NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6866 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/3075 | vdb-entry, x_refsource_BID |
| http://online.securityfocus.com/archive/1/198293 | mailing-list, x_refsource_BUGTRAQ |
Date Public
2001-07-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:51:08.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "netwin-nwauth-weak-encryption(6866)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6866"
},
{
"name": "3075",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3075"
},
{
"name": "20010720 NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/198293"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-07-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "netwin-nwauth-weak-encryption(6866)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6866"
},
{
"name": "3075",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3075"
},
{
"name": "20010720 NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/198293"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1354",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "netwin-nwauth-weak-encryption(6866)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6866"
},
{
"name": "3075",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3075"
},
{
"name": "20010720 NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/198293"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1354",
"datePublished": "2002-06-11T04:00:00.000Z",
"dateReserved": "2002-06-07T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:51:08.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1355 (GCVE-0-2001-1355)
Vulnerability from cvelistv5 – Published: 2002-06-11 04:00 – Updated: 2024-08-08 04:51
VLAI
Summary
Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/3077 | vdb-entry, x_refsource_BID |
| http://online.securityfocus.com/archive/1/198293 | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6865 | vdb-entry, x_refsource_XF |
Date Public
2001-07-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:51:08.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3077",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3077"
},
{
"name": "20010720 NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/198293"
},
{
"name": "netwin-nwauth-bo(6865)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6865"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-07-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3077",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3077"
},
{
"name": "20010720 NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/198293"
},
{
"name": "netwin-nwauth-bo(6865)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6865"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1355",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3077"
},
{
"name": "20010720 NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/198293"
},
{
"name": "netwin-nwauth-bo(6865)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6865"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1355",
"datePublished": "2002-06-11T04:00:00.000Z",
"dateReserved": "2002-06-07T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:51:08.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0696 (GCVE-0-2001-0696)
Vulnerability from cvelistv5 – Published: 2002-03-09 05:00 – Updated: 2024-08-08 04:30
VLAI
Summary
NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS device name such as con.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/191916 | mailing-list, x_refsource_BUGTRAQ |
| http://netwinsite.com/surgeftp/manual/updates.htm | x_refsource_MISC |
| http://www.securityfocus.com/bid/2891 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6712 | vdb-entry, x_refsource_XF |
Date Public
2001-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:30:06.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010619 SurgeFTP vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/191916"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://netwinsite.com/surgeftp/manual/updates.htm"
},
{
"name": "2891",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2891"
},
{
"name": "surgeftp-concon-dos(6712)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6712"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS device name such as con."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-03-01T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010619 SurgeFTP vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/191916"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://netwinsite.com/surgeftp/manual/updates.htm"
},
{
"name": "2891",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2891"
},
{
"name": "surgeftp-concon-dos(6712)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6712"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS device name such as con."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010619 SurgeFTP vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/191916"
},
{
"name": "http://netwinsite.com/surgeftp/manual/updates.htm",
"refsource": "MISC",
"url": "http://netwinsite.com/surgeftp/manual/updates.htm"
},
{
"name": "2891",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2891"
},
{
"name": "surgeftp-concon-dos(6712)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6712"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0696",
"datePublished": "2002-03-09T05:00:00.000Z",
"dateReserved": "2001-08-29T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:30:06.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0697 (GCVE-0-2001-0697)
Vulnerability from cvelistv5 – Published: 2002-03-09 05:00 – Updated: 2024-08-08 04:30
VLAI
Summary
NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a denial of service (crash) via an 'ls ..' command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/165816 | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6168 | vdb-entry, x_refsource_XF |
| http://www.secadministrator.com/Articles/Index.cfm?ArticleID=20200 | mailing-list, x_refsource_WIN2KSEC |
| http://netwinsite.com/surgeftp/manual/updates.htm | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/2442 | vdb-entry, x_refsource_BID |
Date Public
2001-02-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:30:06.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010228 SurgeFTP Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/165816"
},
{
"name": "surgeftp-listing-dos(6168)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6168"
},
{
"name": "20010301 SurgeFTP 1.0b Denial of Service",
"tags": [
"mailing-list",
"x_refsource_WIN2KSEC",
"x_transferred"
],
"url": "http://www.secadministrator.com/Articles/Index.cfm?ArticleID=20200"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://netwinsite.com/surgeftp/manual/updates.htm"
},
{
"name": "2442",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2442"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-02-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a denial of service (crash) via an \u0027ls ..\u0027 command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-03-01T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010228 SurgeFTP Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/165816"
},
{
"name": "surgeftp-listing-dos(6168)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6168"
},
{
"name": "20010301 SurgeFTP 1.0b Denial of Service",
"tags": [
"mailing-list",
"x_refsource_WIN2KSEC"
],
"url": "http://www.secadministrator.com/Articles/Index.cfm?ArticleID=20200"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://netwinsite.com/surgeftp/manual/updates.htm"
},
{
"name": "2442",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2442"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a denial of service (crash) via an \u0027ls ..\u0027 command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010228 SurgeFTP Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/165816"
},
{
"name": "surgeftp-listing-dos(6168)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6168"
},
{
"name": "20010301 SurgeFTP 1.0b Denial of Service",
"refsource": "WIN2KSEC",
"url": "http://www.secadministrator.com/Articles/Index.cfm?ArticleID=20200"
},
{
"name": "http://netwinsite.com/surgeftp/manual/updates.htm",
"refsource": "CONFIRM",
"url": "http://netwinsite.com/surgeftp/manual/updates.htm"
},
{
"name": "2442",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2442"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0697",
"datePublished": "2002-03-09T05:00:00.000Z",
"dateReserved": "2001-08-29T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:30:06.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0698 (GCVE-0-2001-0698)
Vulnerability from cvelistv5 – Published: 2002-03-09 05:00 – Updated: 2024-08-08 04:30
VLAI
Summary
Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to list arbitrary files and directories via the 'nlist ...' command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.netwinsite.com/surgeftp/manual/updates.htm | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/191916 | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6711 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/2892 | vdb-entry, x_refsource_BID |
Date Public
2001-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:30:06.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.netwinsite.com/surgeftp/manual/updates.htm"
},
{
"name": "20010619 SurgeFTP vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/191916"
},
{
"name": "surgeftp-nlist-directory-traversal(6711)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6711"
},
{
"name": "2892",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2892"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to list arbitrary files and directories via the \u0027nlist ...\u0027 command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-25T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.netwinsite.com/surgeftp/manual/updates.htm"
},
{
"name": "20010619 SurgeFTP vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/191916"
},
{
"name": "surgeftp-nlist-directory-traversal(6711)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6711"
},
{
"name": "2892",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2892"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to list arbitrary files and directories via the \u0027nlist ...\u0027 command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.netwinsite.com/surgeftp/manual/updates.htm",
"refsource": "CONFIRM",
"url": "http://www.netwinsite.com/surgeftp/manual/updates.htm"
},
{
"name": "20010619 SurgeFTP vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/191916"
},
{
"name": "surgeftp-nlist-directory-traversal(6711)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6711"
},
{
"name": "2892",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2892"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0698",
"datePublished": "2002-03-09T05:00:00.000Z",
"dateReserved": "2001-08-29T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:30:06.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-10028 (GCVE-0-2012-10028)
Vulnerability from nvd – Published: 2025-08-05 20:04 – Updated: 2026-05-15 11:13
VLAI
Title
Netwin SurgeFTP <= v23c8 Authenticated RCE
Summary
Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests to `surgeftpmgr.cgi`. This can lead to full remote code execution on the underlying system.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://raw.githubusercontent.com/rapid7/metasplo… | exploit |
| https://www.exploit-db.com/exploits/23522 | exploit |
| https://www.exploit-db.com/exploits/23601 | exploit |
| https://netwinsite.com/surgeftp/ | product |
| https://www.vulncheck.com/advisories/netwin-surge… | third-party-advisory |
Date Public
2012-12-20 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2012-10028",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-07T15:49:54.720390Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T15:49:58.666Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/netwin_surgeftp_exec.rb"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/23522"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/23601"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"surgeftpmgr.cgi"
],
"product": "SurgeFTP",
"vendor": "Netwin",
"versions": [
{
"lessThanOrEqual": "23c8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netwin:surgeftp:*:*:*:*:*:*:*:*",
"versionEndIncluding": "23c8",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Spencer McIntyre"
}
],
"datePublic": "2012-12-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests to `surgeftpmgr.cgi`. This can lead to full remote code execution on the underlying system."
}
],
"value": "Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests to `surgeftpmgr.cgi`. This can lead to full remote code execution on the underlying system."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T11:13:55.331Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/netwin_surgeftp_exec.rb"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/23522"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/23601"
},
{
"tags": [
"product"
],
"url": "https://netwinsite.com/surgeftp/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/netwin-surgeftp-auth-rce"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Netwin SurgeFTP \u003c= v23c8 Authenticated RCE",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2012-10028",
"datePublished": "2025-08-05T20:04:20.181Z",
"dateReserved": "2025-08-05T16:05:41.764Z",
"dateUpdated": "2026-05-15T11:13:55.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2017-17933 (GCVE-0-2017-17933)
Vulnerability from nvd – Published: 2017-12-29 18:00 – Updated: 2024-08-05 21:06
VLAI
Summary
cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://packetstormsecurity.com/files/145572/NetW… | x_refsource_MISC |
Date Public
2017-12-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:06:49.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/145572/NetWin-SurgeFTP-23f2-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-29T17:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/145572/NetWin-SurgeFTP-23f2-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/145572/NetWin-SurgeFTP-23f2-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/145572/NetWin-SurgeFTP-23f2-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17933",
"datePublished": "2017-12-29T18:00:00.000Z",
"dateReserved": "2017-12-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T21:06:49.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4742 (GCVE-0-2013-4742)
Vulnerability from nvd – Published: 2013-08-09 21:00 – Updated: 2024-08-06 16:52
VLAI
Summary
Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/54188 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://osvdb.org/95582 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/bid/61403 | vdb-entry, x_refsource_BID |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-list, x_refsource_BUGTRAQ |
Date Public
2013-07-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "54188",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54188"
},
{
"name": "surgeftp-cve20134742-vfprint-bo(85922)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85922"
},
{
"name": "95582",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/95582"
},
{
"name": "61403",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61403"
},
{
"name": "20130722 SurgeFtp Server BufferOverflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0149.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "54188",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54188"
},
{
"name": "surgeftp-cve20134742-vfprint-bo(85922)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85922"
},
{
"name": "95582",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/95582"
},
{
"name": "61403",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61403"
},
{
"name": "20130722 SurgeFtp Server BufferOverflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0149.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4742",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54188",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54188"
},
{
"name": "surgeftp-cve20134742-vfprint-bo(85922)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85922"
},
{
"name": "95582",
"refsource": "OSVDB",
"url": "http://osvdb.org/95582"
},
{
"name": "61403",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61403"
},
{
"name": "20130722 SurgeFtp Server BufferOverflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0149.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4742",
"datePublished": "2013-08-09T21:00:00.000Z",
"dateReserved": "2013-07-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:52:27.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1068 (GCVE-0-2010-1068)
Vulnerability from nvd – Published: 2010-03-23 18:00 – Updated: 2024-08-07 01:14
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in a class action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/38097 | third-party-advisory, x_refsource_SECUNIA |
| http://www.exploit-db.com/exploits/11092 | exploit, x_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://packetstormsecurity.org/1001-exploits/surg… | x_refsource_MISC |
Date Public
2010-01-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:14:05.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38097",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38097"
},
{
"name": "11092",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/11092"
},
{
"name": "surgeftp-surgeftpmgr-xss(55509)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55509"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/1001-exploits/surgeftp-xss.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in a class action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38097",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38097"
},
{
"name": "11092",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/11092"
},
{
"name": "surgeftp-surgeftpmgr-xss(55509)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55509"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/1001-exploits/surgeftp-xss.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in a class action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38097",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38097"
},
{
"name": "11092",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11092"
},
{
"name": "surgeftp-surgeftpmgr-xss(55509)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55509"
},
{
"name": "http://packetstormsecurity.org/1001-exploits/surgeftp-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1001-exploits/surgeftp-xss.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1068",
"datePublished": "2010-03-23T18:00:00.000Z",
"dateReserved": "2010-03-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T01:14:05.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1052 (GCVE-0-2008-1052)
Vulnerability from nvd – Published: 2008-02-27 19:00 – Updated: 2024-08-07 08:08
VLAI
Summary
The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/488745/100… | mailing-list, x_refsource_BUGTRAQ |
| http://secunia.com/advisories/29096 | third-party-advisory, x_refsource_SECUNIA |
| http://aluigi.altervista.org/adv/surgeftpizza-adv.txt | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://securityreason.com/securityalert/3704 | third-party-advisory, x_refsource_SREASON |
| http://www.securityfocus.com/bid/27993 | vdb-entry, x_refsource_BID |
Date Public
2008-02-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:08:57.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080225 NULL pointer in SurgeFTP 2.3a2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488745/100/0/threaded"
},
{
"name": "29096",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29096"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/surgeftpizza-adv.txt"
},
{
"name": "surgeftp-contentlength-dos(40843)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40843"
},
{
"name": "3704",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3704"
},
{
"name": "27993",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27993"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080225 NULL pointer in SurgeFTP 2.3a2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488745/100/0/threaded"
},
{
"name": "29096",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29096"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/surgeftpizza-adv.txt"
},
{
"name": "surgeftp-contentlength-dos(40843)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40843"
},
{
"name": "3704",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3704"
},
{
"name": "27993",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27993"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080225 NULL pointer in SurgeFTP 2.3a2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488745/100/0/threaded"
},
{
"name": "29096",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29096"
},
{
"name": "http://aluigi.altervista.org/adv/surgeftpizza-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/surgeftpizza-adv.txt"
},
{
"name": "surgeftp-contentlength-dos(40843)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40843"
},
{
"name": "3704",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3704"
},
{
"name": "27993",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27993"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1052",
"datePublished": "2008-02-27T19:00:00.000Z",
"dateReserved": "2008-02-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:08:57.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3769 (GCVE-0-2007-3769)
Vulnerability from nvd – Published: 2007-07-15 21:00 – Updated: 2024-08-07 14:28
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. NOTE: this can be leveraged for root access via a sequence of steps involving web script that creates a new FTP user account.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/26061 | third-party-advisory, x_refsource_SECUNIA |
| http://lists.grok.org.uk/pipermail/full-disclosur… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://www.vupen.com/english/advisories/2007/2528 | vdb-entry, x_refsource_VUPEN |
| http://osvdb.org/37911 | vdb-entry, x_refsource_OSVDB |
| http://marc.info/?l=full-disclosure&m=11840953900… | mailing-list, x_refsource_FULLDISC |
Date Public
2007-07-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:52.476Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26061",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26061"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0031.txt"
},
{
"name": "surgeftp-error-xss(35378)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35378"
},
{
"name": "ADV-2007-2528",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2528"
},
{
"name": "37911",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37911"
},
{
"name": "20070710 Portcullis Computer Security Ltd - Advisories",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=118409539009277\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. NOTE: this can be leveraged for root access via a sequence of steps involving web script that creates a new FTP user account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26061",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26061"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0031.txt"
},
{
"name": "surgeftp-error-xss(35378)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35378"
},
{
"name": "ADV-2007-2528",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2528"
},
{
"name": "37911",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37911"
},
{
"name": "20070710 Portcullis Computer Security Ltd - Advisories",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=118409539009277\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. NOTE: this can be leveraged for root access via a sequence of steps involving web script that creates a new FTP user account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26061",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26061"
},
{
"name": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0031.txt",
"refsource": "MISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0031.txt"
},
{
"name": "surgeftp-error-xss(35378)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35378"
},
{
"name": "ADV-2007-2528",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2528"
},
{
"name": "37911",
"refsource": "OSVDB",
"url": "http://osvdb.org/37911"
},
{
"name": "20070710 Portcullis Computer Security Ltd - Advisories",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=118409539009277\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3769",
"datePublished": "2007-07-15T21:00:00.000Z",
"dateReserved": "2007-07-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:28:52.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3768 (GCVE-0-2007-3768)
Vulnerability from nvd – Published: 2007-07-15 21:00 – Updated: 2024-08-07 14:28
Summary
The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/26061 | third-party-advisory, x_refsource_SECUNIA |
| http://osvdb.org/37909 | vdb-entry, x_refsource_OSVDB |
| http://securityreason.com/securityalert/2883 | third-party-advisory, x_refsource_SREASON |
| http://www.vupen.com/english/advisories/2007/2528 | vdb-entry, x_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://lists.grok.org.uk/pipermail/full-disclosur… | x_refsource_MISC |
| http://marc.info/?l=full-disclosure&m=11840953900… | mailing-list, x_refsource_FULLDISC |
Date Public
2007-07-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:52.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26061",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26061"
},
{
"name": "37909",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37909"
},
{
"name": "2883",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2883"
},
{
"name": "ADV-2007-2528",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2528"
},
{
"name": "surgeftp-pasv-dos(35376)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35376"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0030.txt"
},
{
"name": "20070710 Portcullis Computer Security Ltd - Advisories",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=118409539009277\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26061",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26061"
},
{
"name": "37909",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37909"
},
{
"name": "2883",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2883"
},
{
"name": "ADV-2007-2528",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2528"
},
{
"name": "surgeftp-pasv-dos(35376)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35376"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0030.txt"
},
{
"name": "20070710 Portcullis Computer Security Ltd - Advisories",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=118409539009277\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26061",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26061"
},
{
"name": "37909",
"refsource": "OSVDB",
"url": "http://osvdb.org/37909"
},
{
"name": "2883",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2883"
},
{
"name": "ADV-2007-2528",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2528"
},
{
"name": "surgeftp-pasv-dos(35376)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35376"
},
{
"name": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0030.txt",
"refsource": "MISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0030.txt"
},
{
"name": "20070710 Portcullis Computer Security Ltd - Advisories",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=118409539009277\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3768",
"datePublished": "2007-07-15T21:00:00.000Z",
"dateReserved": "2007-07-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:28:52.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1034 (GCVE-0-2005-1034)
Vulnerability from nvd – Published: 2005-04-09 04:00 – Updated: 2024-08-07 21:35
Summary
SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1013664 | vdb-entry, x_refsource_SECTRACK |
| http://www.security.org.sg/vuln/surgeftp22m1.html | x_refsource_MISC |
| http://www.securityfocus.com/bid/13054 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/14888 | third-party-advisory, x_refsource_SECUNIA |
| http://marc.info/?l=bugtraq&m=111289226204780&w=2 | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
Date Public
2005-04-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:35:59.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1013664",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013664"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.security.org.sg/vuln/surgeftp22m1.html"
},
{
"name": "13054",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13054"
},
{
"name": "14888",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14888"
},
{
"name": "20050407 [SIG^2 G-TEC] SurgeFTP LEAK Command Denial-Of-Service Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111289226204780\u0026w=2"
},
{
"name": "surgeftp-leak-ftp-dos(20011)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1013664",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013664"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.security.org.sg/vuln/surgeftp22m1.html"
},
{
"name": "13054",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13054"
},
{
"name": "14888",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14888"
},
{
"name": "20050407 [SIG^2 G-TEC] SurgeFTP LEAK Command Denial-Of-Service Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111289226204780\u0026w=2"
},
{
"name": "surgeftp-leak-ftp-dos(20011)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20011"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1013664",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013664"
},
{
"name": "http://www.security.org.sg/vuln/surgeftp22m1.html",
"refsource": "MISC",
"url": "http://www.security.org.sg/vuln/surgeftp22m1.html"
},
{
"name": "13054",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13054"
},
{
"name": "14888",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14888"
},
{
"name": "20050407 [SIG^2 G-TEC] SurgeFTP LEAK Command Denial-Of-Service Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111289226204780\u0026w=2"
},
{
"name": "surgeftp-leak-ftp-dos(20011)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20011"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1034",
"datePublished": "2005-04-09T04:00:00.000Z",
"dateReserved": "2005-04-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:35:59.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0696 (GCVE-0-2001-0696)
Vulnerability from nvd – Published: 2002-03-09 05:00 – Updated: 2024-08-08 04:30
Summary
NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS device name such as con.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/191916 | mailing-list, x_refsource_BUGTRAQ |
| http://netwinsite.com/surgeftp/manual/updates.htm | x_refsource_MISC |
| http://www.securityfocus.com/bid/2891 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
Date Public
2001-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:30:06.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010619 SurgeFTP vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/191916"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://netwinsite.com/surgeftp/manual/updates.htm"
},
{
"name": "2891",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2891"
},
{
"name": "surgeftp-concon-dos(6712)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6712"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS device name such as con."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-03-01T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010619 SurgeFTP vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/191916"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://netwinsite.com/surgeftp/manual/updates.htm"
},
{
"name": "2891",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2891"
},
{
"name": "surgeftp-concon-dos(6712)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6712"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS device name such as con."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010619 SurgeFTP vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/191916"
},
{
"name": "http://netwinsite.com/surgeftp/manual/updates.htm",
"refsource": "MISC",
"url": "http://netwinsite.com/surgeftp/manual/updates.htm"
},
{
"name": "2891",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2891"
},
{
"name": "surgeftp-concon-dos(6712)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6712"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0696",
"datePublished": "2002-03-09T05:00:00.000Z",
"dateReserved": "2001-08-29T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:30:06.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0697 (GCVE-0-2001-0697)
Vulnerability from nvd – Published: 2002-03-09 05:00 – Updated: 2024-08-08 04:30
Summary
NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a denial of service (crash) via an 'ls ..' command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/165816 | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://www.secadministrator.com/Articles/Index.cf… | mailing-list, x_refsource_WIN2KSEC |
| http://netwinsite.com/surgeftp/manual/updates.htm | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/2442 | vdb-entry, x_refsource_BID |
Date Public
2001-02-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:30:06.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010228 SurgeFTP Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/165816"
},
{
"name": "surgeftp-listing-dos(6168)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6168"
},
{
"name": "20010301 SurgeFTP 1.0b Denial of Service",
"tags": [
"mailing-list",
"x_refsource_WIN2KSEC",
"x_transferred"
],
"url": "http://www.secadministrator.com/Articles/Index.cfm?ArticleID=20200"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://netwinsite.com/surgeftp/manual/updates.htm"
},
{
"name": "2442",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2442"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-02-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a denial of service (crash) via an \u0027ls ..\u0027 command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-03-01T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010228 SurgeFTP Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/165816"
},
{
"name": "surgeftp-listing-dos(6168)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6168"
},
{
"name": "20010301 SurgeFTP 1.0b Denial of Service",
"tags": [
"mailing-list",
"x_refsource_WIN2KSEC"
],
"url": "http://www.secadministrator.com/Articles/Index.cfm?ArticleID=20200"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://netwinsite.com/surgeftp/manual/updates.htm"
},
{
"name": "2442",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2442"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a denial of service (crash) via an \u0027ls ..\u0027 command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010228 SurgeFTP Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/165816"
},
{
"name": "surgeftp-listing-dos(6168)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6168"
},
{
"name": "20010301 SurgeFTP 1.0b Denial of Service",
"refsource": "WIN2KSEC",
"url": "http://www.secadministrator.com/Articles/Index.cfm?ArticleID=20200"
},
{
"name": "http://netwinsite.com/surgeftp/manual/updates.htm",
"refsource": "CONFIRM",
"url": "http://netwinsite.com/surgeftp/manual/updates.htm"
},
{
"name": "2442",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2442"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0697",
"datePublished": "2002-03-09T05:00:00.000Z",
"dateReserved": "2001-08-29T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:30:06.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0698 (GCVE-0-2001-0698)
Vulnerability from nvd – Published: 2002-03-09 05:00 – Updated: 2024-08-08 04:30
Summary
Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to list arbitrary files and directories via the 'nlist ...' command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.netwinsite.com/surgeftp/manual/updates.htm | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/191916 | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/2892 | vdb-entry, x_refsource_BID |
Date Public
2001-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:30:06.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.netwinsite.com/surgeftp/manual/updates.htm"
},
{
"name": "20010619 SurgeFTP vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/191916"
},
{
"name": "surgeftp-nlist-directory-traversal(6711)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6711"
},
{
"name": "2892",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2892"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to list arbitrary files and directories via the \u0027nlist ...\u0027 command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-25T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.netwinsite.com/surgeftp/manual/updates.htm"
},
{
"name": "20010619 SurgeFTP vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/191916"
},
{
"name": "surgeftp-nlist-directory-traversal(6711)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6711"
},
{
"name": "2892",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2892"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to list arbitrary files and directories via the \u0027nlist ...\u0027 command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.netwinsite.com/surgeftp/manual/updates.htm",
"refsource": "CONFIRM",
"url": "http://www.netwinsite.com/surgeftp/manual/updates.htm"
},
{
"name": "20010619 SurgeFTP vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/191916"
},
{
"name": "surgeftp-nlist-directory-traversal(6711)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6711"
},
{
"name": "2892",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2892"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0698",
"datePublished": "2002-03-09T05:00:00.000Z",
"dateReserved": "2001-08-29T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:30:06.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1356 (GCVE-0-2001-1356)
Vulnerability from nvd – Published: 2002-06-11 04:00 – Updated: 2024-08-08 04:51
Summary
NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.iss.net/security_center/static/6961.php | vdb-entry, x_refsource_XF |
| http://online.securityfocus.com/archive/1/201951 | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/3157 | vdb-entry, x_refsource_BID |
Date Public
2001-08-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:51:08.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "surgeftp-weak-password-encryption(6961)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/6961.php"
},
{
"name": "20010804 SurgeFTP admin account bruteforcable",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/201951"
},
{
"name": "3157",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3157"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-08-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-06-15T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "surgeftp-weak-password-encryption(6961)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/6961.php"
},
{
"name": "20010804 SurgeFTP admin account bruteforcable",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/201951"
},
{
"name": "3157",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3157"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "surgeftp-weak-password-encryption(6961)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/6961.php"
},
{
"name": "20010804 SurgeFTP admin account bruteforcable",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/201951"
},
{
"name": "3157",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3157"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1356",
"datePublished": "2002-06-11T04:00:00.000Z",
"dateReserved": "2002-06-07T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:51:08.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1354 (GCVE-0-2001-1354)
Vulnerability from nvd – Published: 2002-06-11 04:00 – Updated: 2024-08-08 04:51
Summary
NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/3075 | vdb-entry, x_refsource_BID |
| http://online.securityfocus.com/archive/1/198293 | mailing-list, x_refsource_BUGTRAQ |
Date Public
2001-07-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:51:08.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "netwin-nwauth-weak-encryption(6866)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6866"
},
{
"name": "3075",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3075"
},
{
"name": "20010720 NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/198293"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-07-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "netwin-nwauth-weak-encryption(6866)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6866"
},
{
"name": "3075",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3075"
},
{
"name": "20010720 NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/198293"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1354",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "netwin-nwauth-weak-encryption(6866)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6866"
},
{
"name": "3075",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3075"
},
{
"name": "20010720 NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/198293"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1354",
"datePublished": "2002-06-11T04:00:00.000Z",
"dateReserved": "2002-06-07T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:51:08.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1355 (GCVE-0-2001-1355)
Vulnerability from nvd – Published: 2002-06-11 04:00 – Updated: 2024-08-08 04:51
Summary
Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/3077 | vdb-entry, x_refsource_BID |
| http://online.securityfocus.com/archive/1/198293 | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6865 | vdb-entry, x_refsource_XF |
Date Public
2001-07-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:51:08.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3077",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3077"
},
{
"name": "20010720 NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/198293"
},
{
"name": "netwin-nwauth-bo(6865)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6865"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-07-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3077",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3077"
},
{
"name": "20010720 NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/198293"
},
{
"name": "netwin-nwauth-bo(6865)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6865"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1355",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3077"
},
{
"name": "20010720 NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/198293"
},
{
"name": "netwin-nwauth-bo(6865)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6865"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1355",
"datePublished": "2002-06-11T04:00:00.000Z",
"dateReserved": "2002-06-07T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:51:08.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}