Filtered by vendor Southrivertech
Subscriptions
Total
20 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-45690 | 1 Southrivertech | 2 Titan Ftp Server, Titan Mft Server | 2024-11-21 | 4.9 Medium |
Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allows a user that's authentication to the OS to read sensitive files on the filesystem | ||||
CVE-2023-45689 | 1 Southrivertech | 2 Titan Mft Server, Titan Sftp Server | 2024-11-21 | 6.5 Medium |
Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file on the filesystem via path traversal | ||||
CVE-2023-45688 | 1 Southrivertech | 2 Titan Mft Server, Titan Sftp Server | 2024-11-21 | 4.3 Medium |
Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to get the size of an arbitrary file on the filesystem using path traversal in the ftp "SIZE" command | ||||
CVE-2023-45687 | 1 Southrivertech | 2 Titan Mft Server, Titan Sftp Server | 2024-11-21 | 8.8 High |
A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authorizating a session id of their choosing | ||||
CVE-2023-45686 | 1 Southrivertech | 1 Titan Mfp Server | 2024-11-21 | 7.2 High |
Insufficient path validation when writing a file via WebDAV in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal | ||||
CVE-2023-45685 | 1 Southrivertech | 2 Titan Mft Server, Titan Sftp Server | 2024-11-21 | 9.1 Critical |
Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal | ||||
CVE-2023-27745 | 1 Southrivertech | 1 Titan Ftp Server Nextgen | 2024-11-21 | 8.8 High |
An issue in South River Technologies TitanFTP Before v2.0.1.2102 allows attackers with low-level privileges to perform Administrative actions by sending requests to the user server. | ||||
CVE-2023-27744 | 1 Southrivertech | 1 Titan Ftp Server Nextgen | 2024-11-21 | 7.8 High |
An issue was discovered in South River Technologies TitanFTP NextGen server that allows for a vertical privilege escalation leading to remote code execution. | ||||
CVE-2023-22629 | 1 Southrivertech | 1 Titan Ftp Server | 2024-11-21 | 8.8 High |
An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem. | ||||
CVE-2022-44215 | 1 Southrivertech | 1 Titan Ftp Server | 2024-11-21 | 6.1 Medium |
There is an open redirect vulnerability in Titan FTP server 19.0 and below. Users are redirected to any target URL. | ||||
CVE-2022-34006 | 1 Southrivertech | 1 Titan Ftp Server Nextgen | 2024-11-21 | 7.8 High |
An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. When installing, Microsoft SQL Express 2019 installs by default with an SQL instance running as SYSTEM with BUILTIN\Users as sysadmin, thus enabling unprivileged Windows users to execute commands locally as NT AUTHORITY\SYSTEM, aka NX-I674 (sub-issue 2). NOTE: as of 2022-06-21, the 1.2.1050 release corrects this vulnerability in a new installation, but not in an upgrade installation. | ||||
CVE-2022-34005 | 1 Southrivertech | 1 Titan Ftp Server Nextgen | 2024-11-21 | 9.8 Critical |
An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance installed by default during TitanFTP NextGen installation, aka NX-I674 (sub-issue 1). NOTE: as of 2022-06-21, the 1.2.1050 release corrects this vulnerability in a new installation, but not in an upgrade installation. | ||||
CVE-2019-10009 | 1 Southrivertech | 1 Titan Ftp Server | 2024-11-21 | N/A |
A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \..\..\ technique, arbitrary files can be loaded in the server response outside the root directory. | ||||
CVE-2014-1843 | 1 Southrivertech | 1 Titan Ftp Server | 2024-11-21 | N/A |
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter. | ||||
CVE-2014-1842 | 1 Southrivertech | 1 Titan Ftp Server | 2024-11-21 | N/A |
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value. | ||||
CVE-2014-1841 | 1 Southrivertech | 1 Titan Ftp Server | 2024-11-21 | N/A |
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter. | ||||
CVE-2010-2426 | 1 Southrivertech | 1 Titan Ftp Server | 2024-11-21 | N/A |
Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read arbitrary files, determine file size, via "..//" sequences in the xcrc command. | ||||
CVE-2010-2425 | 1 Southrivertech | 1 Titan Ftp Server | 2024-11-21 | N/A |
Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read or delete arbitrary files via "..//" sequences in a COMB command. | ||||
CVE-2008-6082 | 1 Southrivertech | 1 Titan Ftp Server | 2024-11-21 | N/A |
Titan FTP Server 6.26 build 630 allows remote attackers to cause a denial of service (CPU consumption) via the SITE WHO command. | ||||
CVE-2024-44685 | 1 Southrivertech | 1 Titan Sftp Server | 2024-09-13 | 5 Medium |
Titan SFTP and Titan MFT Server 2.0.25.2426 and earlier have a vulnerability a vulnerability where sensitive information, including passwords, is exposed in clear text within the JSON response when configuring SMTP settings via the Web UI. |
Page 1 of 1.