Security News > 2023 > October > Exploit available for critical WS_FTP bug exploited in attacks
Over the weekend, security researchers released a proof-of-concept exploit for a maximum severity remote code execution vulnerability in Progress Software's WS FTP Server file sharing platform.
"This vulnerability turned out to be relatively straight forward and represented a typical.NET deserialization issue that led to RCE. It's surprising that this bug has stayed alive for so long, with the vendor stating that most versions of WS FTP are vulnerable," Assetnote said.
"We have addressed the vulnerabilities above and the Progress WS FTP team strongly recommends performing an upgrade," Progress warned at the time.
Progress warns of maximum severity WS FTP Server vulnerability.
Exploit released for critical VMware SSH auth bypass vulnerability.
Exploit released for Ivanti Sentry bug abused as zero-day in attacks.
News URL
Related news
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Critical security hole in Apache Struts under exploit (source)
- Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits (source)
- Adobe warns of critical ColdFusion bug with PoC exploit code (source)
- FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks (source)
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- New DoubleClickjacking attack exploits double-clicks to hijack accounts (source)
- CISA warns of critical Oracle, Mitel flaws exploited in attacks (source)
- Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks (source)
- New Web3 attack exploits transaction simulations to steal crypto (source)