Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allows a user that's authentication to the OS to read sensitive files on the filesystem
Max CVSS
4.9
EPSS Score
0.05%
Published
2023-10-16
Updated
2023-10-24
An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem.
Max CVSS
8.8
EPSS Score
0.41%
Published
2023-02-14
Updated
2023-04-06
There is an open redirect vulnerability in Titan FTP server 19.0 and below. Users are redirected to any target URL.
Max CVSS
6.1
EPSS Score
0.05%
Published
2023-08-22
Updated
2023-08-28
A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \..\..\ technique, arbitrary files can be loaded in the server response outside the root directory.
Max CVSS
6.5
EPSS Score
3.40%
Published
2019-06-03
Updated
2019-06-06
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter.
Max CVSS
5.0
EPSS Score
0.43%
Published
2014-04-29
Updated
2015-07-29
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value.
Max CVSS
5.0
EPSS Score
0.57%
Published
2014-04-29
Updated
2015-07-29
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter.
Max CVSS
5.0
EPSS Score
0.34%
Published
2014-04-29
Updated
2015-07-29

CVE-2010-2426

Public exploit
Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read arbitrary files, determine file size, via "..//" sequences in the xcrc command.
Max CVSS
4.0
EPSS Score
7.25%
Published
2010-06-24
Updated
2018-10-10
Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read or delete arbitrary files via "..//" sequences in a COMB command.
Max CVSS
6.5
EPSS Score
0.36%
Published
2010-06-24
Updated
2018-10-10

CVE-2008-6082

Public exploit
Titan FTP Server 6.26 build 630 allows remote attackers to cause a denial of service (CPU consumption) via the SITE WHO command.
Max CVSS
5.0
EPSS Score
86.61%
Published
2009-02-06
Updated
2017-09-29
10 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!