Filtered by vendor Southrivertech
Subscribe
Total
10 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-22629 | 1 Southrivertech | 1 Titan Ftp Server | 2023-02-23 | N/A | 8.8 HIGH |
An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem. | |||||
CVE-2022-34006 | 1 Southrivertech | 1 Titan Ftp Server Nextgen | 2022-06-29 | 7.2 HIGH | 7.8 HIGH |
An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. When installing, Microsoft SQL Express 2019 installs by default with an SQL instance running as SYSTEM with BUILTIN\Users as sysadmin, thus enabling unprivileged Windows users to execute commands locally as NT AUTHORITY\SYSTEM, aka NX-I674 (sub-issue 2). NOTE: as of 2022-06-21, the 1.2.1050 release corrects this vulnerability in a new installation, but not in an upgrade installation. | |||||
CVE-2022-34005 | 1 Southrivertech | 1 Titan Ftp Server Nextgen | 2022-06-29 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance installed by default during TitanFTP NextGen installation, aka NX-I674 (sub-issue 1). NOTE: as of 2022-06-21, the 1.2.1050 release corrects this vulnerability in a new installation, but not in an upgrade installation. | |||||
CVE-2019-10009 | 1 Southrivertech | 1 Titan Ftp Server | 2019-06-06 | 4.0 MEDIUM | 6.5 MEDIUM |
A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \..\..\ technique, arbitrary files can be loaded in the server response outside the root directory. | |||||
CVE-2010-2425 | 1 Southrivertech | 1 Titan Ftp Server | 2018-10-10 | 6.5 MEDIUM | N/A |
Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read or delete arbitrary files via "..//" sequences in a COMB command. | |||||
CVE-2010-2426 | 1 Southrivertech | 1 Titan Ftp Server | 2018-10-10 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read arbitrary files, determine file size, via "..//" sequences in the xcrc command. | |||||
CVE-2008-6082 | 1 Southrivertech | 1 Titan Ftp Server | 2017-09-28 | 5.0 MEDIUM | N/A |
Titan FTP Server 6.26 build 630 allows remote attackers to cause a denial of service (CPU consumption) via the SITE WHO command. | |||||
CVE-2014-1843 | 1 Southrivertech | 1 Titan Ftp Server | 2015-07-29 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter. | |||||
CVE-2014-1842 | 1 Southrivertech | 1 Titan Ftp Server | 2015-07-29 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value. | |||||
CVE-2014-1841 | 1 Southrivertech | 1 Titan Ftp Server | 2015-07-29 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter. |