VYPR

Serv-U File Server

by SolarWinds

CVEs (34)

  • CVE-2009-4006 · Nov 20, 2009
    risk 0.10 · cvss · epss 0.83

    Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.

  • CVE-2004-2111 · Dec 31, 2004
    risk 0.10 · cvss · epss 0.87

    Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename.

  • CVE-2004-0330 · Nov 23, 2004
    risk 0.10 · cvss · epss 0.85

    Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command.

  • CVE-2011-4800 · Dec 14, 2011
    risk 0.04 · cvss · epss 0.08

    Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands.

  • CVE-2009-1031 · Mar 20, 2009
    risk 0.04 · cvss · epss 0.11

    Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \.. (backslash dot dot) in an MKD request.

  • CVE-2009-0967 · Mar 19, 2009
    risk 0.04 · cvss · epss 0.07

    The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument.

  • CVE-2008-4501 · Oct 9, 2008
    risk 0.04 · cvss · epss 0.11

    Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\ (dot dot backslash) in the RNTO command.

  • CVE-2008-4500 · Oct 9, 2008
    risk 0.04 · cvss · epss 0.10

    Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using "con:1".

  • CVE-2004-2532 · Dec 31, 2004
    risk 0.04 · cvss · epss 0.16

    Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then…

  • CVE-2004-1675 · Sep 11, 2004
    risk 0.04 · cvss · epss 0.12

    Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX.

  • CVE-2004-1992 · Apr 20, 2004
    risk 0.04 · cvss · epss 0.11

    Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote attackers to cause a denial of service (crash) via a long -l parameter, which triggers an out-of-bounds read.

  • CVE-2001-0054 · Feb 16, 2001
    risk 0.04 · cvss · epss 0.12

    Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD command, a variant of a .. (dot dot) attack.

  • CVE-2021-35223 · Aug 31, 2021
    risk 0.01 · cvss · epss 0.03

    The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution.

  • CVE-2021-35252 · Dec 16, 2022
    risk 0.00 · cvss · epss 0.01

    Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this, an encrypted value that is exposed to an attacker can be simply recovered to plaintext.

  • CVE-2022-38106 · Dec 16, 2022
    risk 0.00 · cvss · epss 0.01

    This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function.

  • CVE-2021-35242 · Dec 6, 2021
    risk 0.00 · cvss · epss 0.01

    Serv-U server responds with valid CSRFToken when the request contains only Session.

  • CVE-2021-35245 · Dec 6, 2021
    risk 0.00 · cvss · epss 0.01

    When a user has admin rights in Serv-U Console, the user can move, create and delete any files that are accessible on the Serv-U host machine.

  • CVE-2020-15573 · Jul 7, 2020
    risk 0.00 · cvss · epss 0.02

    SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulnerability," aka Case Numbers 00041778 and 00306421.

  • CVE-2020-15574 · Jul 7, 2020
    risk 0.00 · cvss · epss 0.02

    SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case Number 00331893.

  • CVE-2020-15575 · Jul 7, 2020
    risk 0.00 · cvss · epss 0.02

    SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated by Tenable Scan, aka Case Number 00484194.

Page 1 of 2