Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character.
Max CVSS
5.0
EPSS Score
0.21%
Published
2008-12-19
Updated
2018-10-11
Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name.
Max CVSS
5.0
EPSS Score
0.80%
Published
2008-12-19
Updated
2018-10-11
2 vulnerabilities found