Vulnerabilities (CVE)

Filtered by vendor Southrivertech Subscribe
Total 19 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-45687 1 Southrivertech 2 Titan Mft Server, Titan Sftp Server 2023-12-10 N/A 8.8 HIGH
A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authorizating a session id of their choosing
CVE-2023-45688 1 Southrivertech 2 Titan Mft Server, Titan Sftp Server 2023-12-10 N/A 4.3 MEDIUM
Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to get the size of an arbitrary file on the filesystem using path traversal in the ftp "SIZE" command
CVE-2023-45685 1 Southrivertech 2 Titan Mft Server, Titan Sftp Server 2023-12-10 N/A 9.1 CRITICAL
Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal
CVE-2022-44215 1 Southrivertech 1 Titan Ftp Server 2023-12-10 N/A 6.1 MEDIUM
There is an open redirect vulnerability in Titan FTP server 19.0 and below. Users are redirected to any target URL.
CVE-2023-45686 1 Southrivertech 1 Titan Mfp Server 2023-12-10 N/A 7.2 HIGH
Insufficient path validation when writing a file via WebDAV in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal
CVE-2023-45689 1 Southrivertech 2 Titan Mft Server, Titan Sftp Server 2023-12-10 N/A 6.5 MEDIUM
Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file on the filesystem via path traversal
CVE-2023-45690 1 Southrivertech 2 Titan Ftp Server, Titan Mft Server 2023-12-10 N/A 4.9 MEDIUM
Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allows a user that's authentication to the OS to read sensitive files on the filesystem
CVE-2023-27745 1 Southrivertech 1 Titan Ftp Server Nextgen 2023-12-10 N/A 8.8 HIGH
An issue in South River Technologies TitanFTP Before v2.0.1.2102 allows attackers with low-level privileges to perform Administrative actions by sending requests to the user server.
CVE-2023-27744 1 Southrivertech 1 Titan Ftp Server Nextgen 2023-12-10 N/A 7.8 HIGH
An issue was discovered in South River Technologies TitanFTP NextGen server that allows for a vertical privilege escalation leading to remote code execution.
CVE-2023-22629 1 Southrivertech 1 Titan Ftp Server 2023-12-10 N/A 8.8 HIGH
An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem.
CVE-2022-34005 1 Southrivertech 1 Titan Ftp Server Nextgen 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance installed by default during TitanFTP NextGen installation, aka NX-I674 (sub-issue 1). NOTE: as of 2022-06-21, the 1.2.1050 release corrects this vulnerability in a new installation, but not in an upgrade installation.
CVE-2022-34006 1 Southrivertech 1 Titan Ftp Server Nextgen 2023-12-10 7.2 HIGH 7.8 HIGH
An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. When installing, Microsoft SQL Express 2019 installs by default with an SQL instance running as SYSTEM with BUILTIN\Users as sysadmin, thus enabling unprivileged Windows users to execute commands locally as NT AUTHORITY\SYSTEM, aka NX-I674 (sub-issue 2). NOTE: as of 2022-06-21, the 1.2.1050 release corrects this vulnerability in a new installation, but not in an upgrade installation.
CVE-2019-10009 1 Southrivertech 1 Titan Ftp Server 2023-12-10 4.0 MEDIUM 6.5 MEDIUM
A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \..\..\ technique, arbitrary files can be loaded in the server response outside the root directory.
CVE-2014-1842 1 Southrivertech 1 Titan Ftp Server 2023-12-10 5.0 MEDIUM N/A
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value.
CVE-2014-1841 1 Southrivertech 1 Titan Ftp Server 2023-12-10 5.0 MEDIUM N/A
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter.
CVE-2014-1843 1 Southrivertech 1 Titan Ftp Server 2023-12-10 5.0 MEDIUM N/A
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter.
CVE-2010-2425 1 Southrivertech 1 Titan Ftp Server 2023-12-10 6.5 MEDIUM N/A
Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read or delete arbitrary files via "..//" sequences in a COMB command.
CVE-2010-2426 1 Southrivertech 1 Titan Ftp Server 2023-12-10 4.0 MEDIUM N/A
Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read arbitrary files, determine file size, via "..//" sequences in the xcrc command.
CVE-2008-6082 1 Southrivertech 1 Titan Ftp Server 2023-12-10 5.0 MEDIUM N/A
Titan FTP Server 6.26 build 630 allows remote attackers to cause a denial of service (CPU consumption) via the SITE WHO command.