Southrivertech

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-25233 1Southrivertech 1Webdrive Apr 8, 2026 Mar 30, 2026 6.9 MEDIUM· v4 5.5 MEDIUM· v3 N/A· v2 WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the username field during Secure WebDAV connection setup. Att...Show more WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the username field during Secure WebDAV connection setup. Attackers can input a buffer-overflow payload of 5000 bytes in the username parameter and trigger a connection test to cause the application to crash.Show less
CVE-2024-1192 1Southrivertech 1Webdrive Jan 8, 2025 Feb 29, 2024 N/A· v4 5.5 MEDIUM· v3 1.7 LOW· v2 A vulnerability was found in South River WebDrive 18.00.5057. It has been declared as problematic. This vulnerability affects unknown code of the component New Secure WebDAV. The manipulation leads to denial of service....Show more A vulnerability was found in South River WebDrive 18.00.5057. It has been declared as problematic. This vulnerability affects unknown code of the component New Secure WebDAV. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-252682 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2023-45690 1Southrivertech 2Titan Ftp Server Titan Mft Server Nov 21, 2024 Oct 16, 2023 N/A· v4 4.9 MEDIUM· v3 N/A· v2 Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allows a user that's authentication to the OS to read sensitive files on the filesystem
CVE-2023-45689 1Southrivertech 2Titan Mft Server Titan Sftp Server Nov 21, 2024 Oct 16, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file on the filesystem via...Show more Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file on the filesystem via path traversalShow less
CVE-2023-45688 1Southrivertech 2Titan Mft Server Titan Sftp Server Nov 21, 2024 Oct 16, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to get the size of an arbitrary file on the filesystem using path traversal in th...Show more Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to get the size of an arbitrary file on the filesystem using path traversal in the ftp "SIZE" commandShow less
CVE-2023-45687 1Southrivertech 2Titan Mft Server Titan Sftp Server Nov 21, 2024 Oct 16, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authori...Show more A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authorizating a session id of their choosingShow less
CVE-2023-45686 1Southrivertech 1Titan Mfp Server Nov 21, 2024 Oct 16, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 Insufficient path validation when writing a file via WebDAV in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to write a file to any location on the filesystem via pa...Show more Insufficient path validation when writing a file via WebDAV in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversalShow less
CVE-2023-45685 1Southrivertech 2Titan Mft Server Titan Sftp Server Nov 21, 2024 Oct 16, 2023 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesy...Show more Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversalShow less
CVE-2022-44215 1Southrivertech 1Titan Ftp Server Nov 21, 2024 Aug 22, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 There is an open redirect vulnerability in Titan FTP server 19.0 and below. Users are redirected to any target URL.
CVE-2023-27745 1Southrivertech 1Titan Ftp Server Nextgen Jan 9, 2025 Jun 2, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue in South River Technologies TitanFTP Before v2.0.1.2102 allows attackers with low-level privileges to perform Administrative actions by sending requests to the user server.
CVE-2023-27744 1Southrivertech 1Titan Ftp Server Nextgen Jan 9, 2025 Jun 2, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue was discovered in South River Technologies TitanFTP NextGen server that allows for a vertical privilege escalation leading to remote code execution.
CVE-2023-22629 1Southrivertech 1Titan Ftp Server Mar 20, 2025 Feb 14, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the se...Show more An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem.Show less
CVE-2022-34006 1Southrivertech 1Titan Ftp Server Nextgen Nov 21, 2024 Jun 19, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. When installing, Microsoft SQL Express 2019 installs by default with an SQL instance running as SYSTEM with BUILTIN\Users as sysadmin, thus ena...Show more An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. When installing, Microsoft SQL Express 2019 installs by default with an SQL instance running as SYSTEM with BUILTIN\Users as sysadmin, thus enabling unprivileged Windows users to execute commands locally as NT AUTHORITY\SYSTEM, aka NX-I674 (sub-issue 2). NOTE: as of 2022-06-21, the 1.2.1050 release corrects this vulnerability in a new installation, but not in an upgrade installation.Show less
CVE-2022-34005 1Southrivertech 1Titan Ftp Server Nextgen Nov 21, 2024 Jun 19, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance installed by default d...Show more An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance installed by default during TitanFTP NextGen installation, aka NX-I674 (sub-issue 1). NOTE: as of 2022-06-21, the 1.2.1050 release corrects this vulnerability in a new installation, but not in an upgrade installation.Show less
CVE-2019-10009 1Southrivertech 1Titan Ftp Server Nov 21, 2024 Jun 3, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \..\..\ technique, a...Show more A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \..\..\ technique, arbitrary files can be loaded in the server response outside the root directory.Show less
CVE-2014-1843 1Southrivertech 1Titan Ftp Server May 6, 2026 Apr 29, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .....Show more Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter.Show less
CVE-2014-1842 1Southrivertech 1Titan Ftp Server May 6, 2026 Apr 29, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value.
CVE-2014-1841 1Southrivertech 1Titan Ftp Server May 6, 2026 Apr 29, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src paramete...Show more Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter.Show less
CVE-2010-2426 1Southrivertech 1Titan Ftp Server Apr 29, 2026 Jun 24, 2010 N/A· v4 N/A· v3 4.0 MEDIUM· v2 Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read arbitrary files, determine file size, via "....Show more Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read arbitrary files, determine file size, via "..//" sequences in the xcrc command.Show less
CVE-2010-2425 1Southrivertech 1Titan Ftp Server Apr 29, 2026 Jun 24, 2010 N/A· v4 N/A· v3 6.5 MEDIUM· v2 Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read or delete arbitrary files via "..//" sequenc...Show more Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read or delete arbitrary files via "..//" sequences in a COMB command.Show less

12 Next