GCVE - cpe:2.3:a:netwin:surgeftp:1.0b:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:netwin:surgeftp:1.0b:*:*:*:*:*:*:*

part: a version: 1.0b update: *

Vendor	Netwin (`84440f9c-0c8f-54f6-a00b-4d1ca5722029`)
Product	Surgeftp (`720c321e-b60b-53ef-9427-9fc11718e7dd`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2004-2318`	not_vulnerable	2026-06-08 04:48:09.241907	Details available The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in the CMD parameter. Published: 2005-08-16T04:00:00.000Z Updated: 2024-08-08T01:22:13.621Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/15001 http://members.lycos.co.uk/r34ct/main/surge_FTP/surge-ftp.txt http://www.secunia.com/advisories/10758/ http://www.osvdb.org/3788 http://www.securityfocus.com/bid/9554	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2001-1355`	vulnerable	2026-06-08 04:46:19.661617	Details available Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command. Published: 2002-06-11T04:00:00.000Z Updated: 2024-08-08T04:51:08.082Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/3077 http://online.securityfocus.com/archive/1/198293 https://exchange.xforce.ibmcloud.com/vulnerabilities/6865	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2001-1354`	vulnerable	2026-06-08 04:46:19.659821	Details available NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password. Published: 2002-06-11T04:00:00.000Z Updated: 2024-08-08T04:51:08.196Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/6866 http://www.securityfocus.com/bid/3075 http://online.securityfocus.com/archive/1/198293	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2001-0698`	vulnerable	2026-06-08 04:45:20.675159	Details available Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to list arbitrary files and directories via the 'nlist ...' command. Published: 2002-03-09T05:00:00.000Z Updated: 2024-08-08T04:30:06.060Z Open on db.gcve.eu Reference links http://www.netwinsite.com/surgeftp/manual/updates.htm http://www.securityfocus.com/archive/1/191916 https://exchange.xforce.ibmcloud.com/vulnerabilities/6711 http://www.securityfocus.com/bid/2892	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2001-0696`	vulnerable	2026-06-08 04:45:20.673144	Details available NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS device name such as con. Published: 2002-03-09T05:00:00.000Z Updated: 2024-08-08T04:30:06.073Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/191916 http://netwinsite.com/surgeftp/manual/updates.htm http://www.securityfocus.com/bid/2891 https://exchange.xforce.ibmcloud.com/vulnerabilities/6712	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.