Secunia SmallBusiness
Overview
Advisories
Research
Forums
Create Profile
Our Commitment
All Threads
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Ipswitch FTP Pro software

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
andreJo Ipswitch FTP Pro software
Member 5th Apr, 2011 09:19
Ranking: 0
Posts: 1
User Since: 5th Apr, 2011
System Score: N/A
Location: NL
 Hi,

I noticed that the Secunia advisories on WS FTP Pro software from Ipswitch do not mention the serious flaws detected in the 2007 version of the software:
CVE-2007-0330 and CVE-2007-0665.
According to the information found on Ipswitch WS_FTP Professional 2007 there is only a single vendor patch that partially solves some issues but no reference to these vulnerabilities.
Does this means that the 2007 software that can still be downloaded from CNET is still highly vulnerable?
The lack of information found at the site of Ipswitch makes me wonder whether this has ever been repaired. See:
http://forums.ipswitch.com/Topic36591-6-1.aspx
Also CVE-2008-3734 is not listed.
All those vulnerabilities are up to this date unptached according to Xforce.

Has the vulnerabilities been resolved then in the latest product and are those vulnerabilities absent in the 12.x version of the WS_FTP product of the same vendor?

Best regards,
Andre

Anthony Wells RE: Ipswitch FTP Pro software
Expert Contributor 5th Apr, 2011 17:09
Score: 2329
Posts: 3,205
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Hi ,

Secunia support are not very active on the Forum , at the moment ; so , as your question is more for the SA research side , you may wish to email them direct by using the contact page (here below) and choosing "Report Vulnerability" as the "chosen recipient" or by using the address lower down of vuln@secunia.com :-

http://secunia.com/company/contact/

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom
 
© 2002-2013 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability