Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Progress Subscribe
Total 60 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-12143 1 Progress 1 Ipswitch Ws Ftp Server 2019-08-14 5.0 MEDIUM 5.3 MEDIUM
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose WS_FTP usernames as well as filenames.
CVE-2006-5001 2 Ipswitch, Progress 2 Ws Ftp Server, Ipswitch Ws Ftp Server 2019-08-13 5.0 MEDIUM N/A
Unspecified vulnerability in the log analyzer in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, prevents certain sensitive information from being displayed in the (1) Files and (2) Summary tabs. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue.
CVE-2006-4847 2 Ipswitch, Progress 2 Ws Ftp Server, Ipswitch Ws Ftp Server 2019-08-13 6.5 MEDIUM N/A
Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands.
CVE-2008-0590 1 Progress 1 Ipswitch Ws Ftp Server 2019-08-13 9.0 HIGH N/A
Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long opendir command.
CVE-2004-1884 2 Ipswitch, Progress 3 Ws Ftp Pro, Ws Ftp Server, Ipswitch Ws Ftp Server 2019-08-13 7.5 HIGH N/A
Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access.
CVE-1999-1171 2 Ipswitch, Progress 2 Imail, Ipswitch Ws Ftp Server 2019-08-13 4.6 MEDIUM N/A
IPswitch WS_FTP allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920.
CVE-2001-1021 1 Progress 1 Ipswitch Ws Ftp Server 2019-08-13 7.5 HIGH N/A
Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLST, (4) MKD, (5) RMD, (6) RNFR, (7) RNTO, (8) SIZE, (9) STAT, (10) XMKD, or (11) XRMD.
CVE-2002-0826 1 Progress 1 Ipswitch Ws Ftp Server 2019-08-13 7.5 HIGH N/A
Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated users to execute arbitrary code via a long SITE CPWD command.
CVE-2003-0772 2 Ipswitch, Progress 2 Ws Ftp Server, Ipswitch Ws Ftp Server 2019-08-13 7.5 HIGH N/A
Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via long (1) APPE (append) or (2) STAT (status) arguments.
CVE-2004-1643 1 Progress 1 Ipswitch Ws Ftp Server 2019-08-13 5.0 MEDIUM N/A
WS_FTP 5.0.2 allows remote authenticated users to cause a denial of service (CPU consumption) via a CD command that contains an invalid path with a "../" sequence.
CVE-2004-1848 2 Ipswitch, Progress 2 Ws Ftp Server, Ipswitch Ws Ftp Server 2019-08-13 5.0 MEDIUM N/A
Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial of service (disk consumption) and bypass file size restrictions via a REST command with a large size argument, followed by a STOR of a smaller file.
CVE-2004-1883 1 Progress 1 Ipswitch Ws Ftp Server 2019-08-13 7.2 HIGH N/A
Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow remote authenticated users to execute arbitrary code by causing a large error string to be generated by the ALLO handler, or (2) may allow remote FTP administrators to execute arbitrary code by causing a long hostname or username to be inserted into a reply to a STAT command while a file is being transferred.
CVE-1999-1170 2 Ipswitch, Progress 2 Imail, Ipswitch Ws Ftp Server 2019-08-13 4.6 MEDIUM N/A
IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920.
CVE-2004-1885 1 Progress 1 Ipswitch Ws Ftp Server 2019-08-13 7.2 HIGH N/A
Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify certain iFtpSvc options that are handled by iftpmgr.exe.
CVE-2006-5000 2 Ipswitch, Progress 2 Ws Ftp Server, Ipswitch Ws Ftp Server 2019-08-13 6.5 MEDIUM N/A
Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and remote authenticated attack vectors via the (1) XCRC, (2) XMD5, and (3) XSHA1 commands. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue.
CVE-2018-14037 1 Progress 1 Kendo Ui 2019-08-01 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js. If the victim accesses the editor, the payload gets executed. Furthermore, if the payload is reflected at any other resource that does rely on the sanitisation of the editor itself, the JavaScript payload will be executed in the context of the application. This allows attackers (in the worst case) to take over user sessions.
CVE-2019-7215 1 Progress 1 Sitefinity 2019-06-10 6.4 MEDIUM 6.5 MEDIUM
Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions are changed.
CVE-2017-9140 1 Progress 2 Sitefinity Cms, Telerik Reporting 2019-03-14 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd.
CVE-2018-17055 1 Progress 1 Sitefinity 2018-12-12 5.0 MEDIUM 7.5 HIGH
An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads.
CVE-2018-17053 1 Progress 1 Sitefinity Cms 2018-11-15 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17054.