Filtered by vendor Provideserver
Subscribe
Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11707 | 1 Provideserver | 1 Provide Ftp Server | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in ProVide (formerly zFTPServer) through 13.1. It doesn't enforce permission over Windows Symlinks or Junctions. As a result, a low-privileged user (non-admin) can craft a Junction Link in a directory he has full control of, breaking out of the sandbox. | |||||
| CVE-2020-11703 | 1 Provideserver | 1 Provide Ftp Server | 2020-04-13 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/GetInheritedProperties allows HTTP Response Splitting via the language parameter. | |||||
| CVE-2020-11701 | 1 Provideserver | 1 Provide Ftp Server | 2020-04-13 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in ProVide (formerly zFTPServer) through 13.1. CSRF exists in the User Web Interface, as demonstrated by granting filesystem access to the public for uploading and deleting files and directories. | |||||
| CVE-2020-11706 | 1 Provideserver | 1 Provide Ftp Server | 2020-04-13 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Interface allows CSRF for actions such as: Change any username and password, admin ones included; Create/Delete users; Enable/Disable Services; Set a rogue update proxy; and Shutdown the server. | |||||