Exploit available for critical WS_FTP bug exploited in attacks

Over the weekend, security researchers released a proof-of-concept exploit for a maximum severity remote code execution vulnerability in Progress Software's WS_FTP Server file sharing platform.
"This vulnerability turned out to be relatively straightforward and represented a typical .NET deserialization issue that led to RCE. It's surprising that this bug has stayed alive for so long, with the vendor stating that most versions of WS_FTP are vulnerable," Assetnote said.
"We have addressed the vulnerabilities above and the Progress WS_FTP team strongly recommends performing an upgrade," Progress warned at the time.