CVE-2014-1842
Published 2014-04-29
Priority: P3 · 36 · medium · 5 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 4.79% (90.8th percentile)
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| southrivertech | titan_ftp_server | <= 10.40 | — |
| southrivertech | titan_ftp_server | — | — |
| southrivertech | titan_ftp_server | — | — |
| southrivertech | titan_ftp_server | — | — |
CVSS provenance
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_redhat · 10.0 · CRITICAL
GHSA
GHSA-8pmx-2fwr-jp92: Directory traversal vulnerability in the web interface in Titan FTP Server before 10
ghsa_unreviewed·2022-05-17
CVE-2014-1842 [MEDIUM] CWE-22 GHSA-8pmx-2fwr-jp92: Directory traversal vulnerability in the web interface in Titan FTP Server before 10
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value.
Red Hat
openstack-puppet-modules: pacemaker configured with default password
vendor_redhat·2015-03-10·CVSS 10.0
CVE-2015-1842 [CRITICAL] CWE-798 openstack-puppet-modules: pacemaker configured with default password
The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 use a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors.
It was discovered that the puppet manifests, as provided with the openstack-puppet-modules package, would configure the pcsd daemon with a known default password. If this password was not changed and an attacker was able to gain access to pcsd, they could potentially run shell commands as root.
Statement: Red Hat Product Security has rated this issue as having Important security impact; a future update will address the flaw.
As a mitigation against this issue, any system deployed using t
No detection rules found.
Exploit-DB
Titan FTP Server 10.32 Build 1816 - Directory Traversal
exploitdb·2014-02-11·CVSS 5.0
CVE-2014-1843 [MEDIUM] Titan FTP Server 10.32 Build 1816 - Directory Traversal
---
"Titan FTP Server Directory Traversal Vulnerabilities"
- Affected Vendor: South River Technologies
- Affected System: Titan FTP Server software (Version 10.32 Build 1816)
- Vendor Disclosure Date: January 27th, 2014
- Public Disclosure Date: February 10th, 2014
- Vulnerabilities' Status: Fixed
Associated CVEs:
1) CVE-2014-1841:
It is possible to copy the complete home folder of another user by leveraging a vulnerability on the Titan FTP Server Web Interface.
2) CVE-2014-1842:
It is possible to obtain the complete list of existing users by writing "/../" on the search bar.
3) CVE-2014-1843:
It is possible to observe the "Properties" for an existing user home folder.
This also allows for enumeration of existing users on the
Nuclei
Titan FTP Server Search Function < 10.40 - User Enumeration
nuclei·CVSS 5.0
CVE-2014-1842 [MEDIUM] Titan FTP Server Search Function < 10.40 - User Enumeration
Titan FTP Server versions prior to 10.40 build 1829 contain a directory traversal vulnerability in the web interface search functionality. Remote attackers can list all existing users by submitting "/../" in the search bar, enabling user enumeration and reconnaissance.
Template:

```yaml
id: CVE-2014-1842

info:
  name: Titan FTP Server Search Function < 10.40 - User Enumeration
  author: pussycat0x
  severity: medium
  description: |
    Titan FTP Server versions prior to 10.40 build 1829 contain a directory traversal vulnerability in the web interface search functionality. Remote attackers can list all existing users by submitting "/../" in the search bar, enabling user enumeration and reconnaissance.
  impact: |
    Unauthenticated attackers can explo
```
No writeups or analysis indexed.