VYPR

Serv U File Server

by SolarWinds

CVEs (34)

  • CVE-2020-15542Jul 5, 2020
    risk 0.00cvss epss 0.02

    SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command.

  • CVE-2019-19829Dec 18, 2019
    risk 0.00cvss epss 0.02

    A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-2018-19934 and CVE-2019-13182.

  • CVE-2019-13182Dec 16, 2019
    risk 0.00cvss epss 0.06

    A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7.

  • CVE-2019-13181Dec 16, 2019
    risk 0.00cvss epss 0.03

    A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7.

  • CVE-2018-19999Jun 7, 2019
    risk 0.00cvss epss 0.01

    The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to privilege escalation. To exploit…

  • CVE-2018-15906Mar 17, 2019
    risk 0.00cvss epss 0.08

    SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file.

  • CVE-2018-19934Mar 17, 2019
    risk 0.00cvss epss 0.06

    SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter.

  • CVE-2009-4815Apr 27, 2010
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors.

  • CVE-2009-3655Oct 9, 2009
    risk 0.00cvss epss 0.04

    Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the "SITE SET TRANSFERPROGRESS ON" FTP command.

  • CVE-2008-3731Aug 20, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging.

  • CVE-2005-3467Nov 2, 2005
    risk 0.00cvss epss 0.02

    Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of service (crash) via (1) malformed packets and possibly other unspecified issues with unknown impact and attack vectors including (2) use of "~" in a pathname, and (3) memory consumption of the daemon. NOTE:…

  • CVE-2004-2533Dec 31, 2004
    risk 0.00cvss epss 0.03

    Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause a denial of service (application crash) via a SITE CHMOD command with a "\\...\" followed by a short string, causing partial memory corruption, a different vulnerability than CVE-2004-2111.

  • CVE-2002-2393Dec 31, 2002
    risk 0.00cvss epss 0.03

    Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote attackers to cause a denial of service (no new connections) via a series of MKD commands.

  • CVE-2001-1463Nov 19, 2001
    risk 0.00cvss epss 0.03

    The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords.

Page 2 of 2