Vulnerabilities > Netwin > Surgeftp
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-12-29 | CVE-2017-17933 | Cross-site Scripting vulnerability in Netwin Surgeftp 23F2: cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter. | 4.3 |
2013-08-09 | CVE-2013-4742 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Netwin Surgeftp: Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request. | 7.5 |
2010-03-23 | CVE-2010-1068 | Cross-Site Scripting vulnerability in Netwin Surgeftp 2.3A6: Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in a class action. | 4.3 |
2008-02-27 | CVE-2008-1052 | Buffer Errors vulnerability in Netwin Surgeftp 2.3A2: The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails. | 6.4 |
2007-07-15 | CVE-2007-3769 | Cross-Site Scripting vulnerability in SurgeFTP: Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. | 5.8 |
2007-07-15 | CVE-2007-3768 | Denial-Of-Service vulnerability in SurgeFTP: The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command. | 8.5 |
2005-05-02 | CVE-2005-1034 | Denial of Service vulnerability in Netwin Surgeftp 2.2K3/2.2M1: SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command. | 5.0 |
2004-12-31 | CVE-2004-2318 | Denial Of Service vulnerability in SurgeFTP Surgeftpmgr.CGI: The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in the CMD parameter. | 5.0 |
2001-09-20 | CVE-2001-0698 | Information Disclosure vulnerability in Netwin SurgeFTP Server: Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to list arbitrary files and directories via the 'nlist ...' command. | 5.0 |
2001-09-20 | CVE-2001-0697 | Unspecified vulnerability in Netwin Surgeftp 1.1H: NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a denial of service (crash) via an 'ls ..' command. | 5.0 |