Vulnerabilities > Netwin > Surgeftp > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-12-29 CVE-2017-17933 Cross-site Scripting vulnerability in Netwin Surgeftp 23F2
cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter.
network
netwin CWE-79
4.3

2010-03-23 CVE-2010-1068 Cross-Site Scripting vulnerability in Netwin Surgeftp 2.3A6
Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in a class action.
network
netwin CWE-79
4.3

2008-02-27 CVE-2008-1052 Buffer Errors vulnerability in Netwin Surgeftp 2.3A2
The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails.
network
low complexity
netwin CWE-119
6.4

2007-07-15 CVE-2007-3769 Cross-Site Scripting vulnerability in SurgeFTP
Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message.
network
netwin
5.8

2005-05-02 CVE-2005-1034 Denial of Service vulnerability in Netwin Surgeftp 2.2K3/2.2M1
SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command.
network
low complexity
netwin
5.0

2004-12-31 CVE-2004-2318 Denial Of Service vulnerability in SurgeFTP Surgeftpmgr.CGI
The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in the CMD parameter.
network
low complexity
netwin
5.0

2001-09-20 CVE-2001-0698 Information Disclosure vulnerability in Netwin SurgeFTP Server
Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to list arbitrary files and directories via the 'nlist ...' command.
network
low complexity
netwin
5.0

2001-09-20 CVE-2001-0697 Unspecified vulnerability in Netwin Surgeftp 1.1H
NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a denial of service (crash) via an 'ls ..' command.
network
low complexity
netwin
5.0

2001-09-20 CVE-2001-0696 Denial of Service vulnerability in Netwin SurgeFTP Server MS-DOS Device Name
NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS device name such as con.
network
low complexity
netwin
5.0

2001-07-20 CVE-2001-1354 Weak Password Encryption vulnerability in Netwin NWAuth
NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.
local
low complexity
netwin
4.6