Vulnerabilities > Netwin > Surgeftp > 2.0c
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-08-09 | CVE-2013-4742 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Netwin Surgeftp Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request. | 7.5 |
| 2007-07-15 | CVE-2007-3769 | Cross-Site Scripting vulnerability in SurgeFTP Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. network netwin | 5.8 |
| 2007-07-15 | CVE-2007-3768 | Denial-Of-Service vulnerability in SurgeFTP The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command. | 8.5 |
| 2004-12-31 | CVE-2004-2318 | Denial Of Service vulnerability in SurgeFTP Surgeftpmgr.CGI The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in the CMD parameter. | 5.0 |
| 2001-08-04 | CVE-2001-1356 | Weak Password Encryption vulnerability in SurgeFTP NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021. | 10.0 |