Serv U File Server
by SolarWinds
CVEs (34)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-15542 | 0.00 | — | 0.02 | Jul 5, 2020 | SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command. | |||
| CVE-2019-19829 | 0.00 | — | 0.02 | Dec 18, 2019 | A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-2018-19934 and CVE-2019-13182. | |||
| CVE-2019-13182 | 0.00 | — | 0.06 | Dec 16, 2019 | A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7. | |||
| CVE-2019-13181 | 0.00 | — | 0.03 | Dec 16, 2019 | A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7. | |||
| CVE-2018-19999 | 0.00 | — | 0.01 | Jun 7, 2019 | The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to privilege escalation. To exploit… | |||
| CVE-2018-15906 | 0.00 | — | 0.08 | Mar 17, 2019 | SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file. | |||
| CVE-2018-19934 | 0.00 | — | 0.06 | Mar 17, 2019 | SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter. | |||
| CVE-2009-4815 | 0.00 | — | 0.03 | Apr 27, 2010 | Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||
| CVE-2009-3655 | 0.00 | — | 0.04 | Oct 9, 2009 | Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the "SITE SET TRANSFERPROGRESS ON" FTP command. | |||
| CVE-2008-3731 | 0.00 | — | 0.02 | Aug 20, 2008 | Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging. | |||
| CVE-2005-3467 | 0.00 | — | 0.02 | Nov 2, 2005 | Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of service (crash) via (1) malformed packets and possibly other unspecified issues with unknown impact and attack vectors including (2) use of "~" in a pathname, and (3) memory consumption of the daemon. NOTE:… | |||
| CVE-2004-2533 | 0.00 | — | 0.03 | Dec 31, 2004 | Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause a denial of service (application crash) via a SITE CHMOD command with a "\\...\" followed by a short string, causing partial memory corruption, a different vulnerability than CVE-2004-2111. | |||
| CVE-2002-2393 | 0.00 | — | 0.03 | Dec 31, 2002 | Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote attackers to cause a denial of service (no new connections) via a series of MKD commands. | |||
| CVE-2001-1463 | 0.00 | — | 0.03 | Nov 19, 2001 | The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords. |
- CVE-2020-15542Jul 5, 2020risk 0.00cvss —epss 0.02
SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command.
- CVE-2019-19829Dec 18, 2019risk 0.00cvss —epss 0.02
A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-2018-19934 and CVE-2019-13182.
- CVE-2019-13182Dec 16, 2019risk 0.00cvss —epss 0.06
A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7.
- CVE-2019-13181Dec 16, 2019risk 0.00cvss —epss 0.03
A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7.
- CVE-2018-19999Jun 7, 2019risk 0.00cvss —epss 0.01
The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to privilege escalation. To exploit…
- CVE-2018-15906Mar 17, 2019risk 0.00cvss —epss 0.08
SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file.
- CVE-2018-19934Mar 17, 2019risk 0.00cvss —epss 0.06
SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter.
- CVE-2009-4815Apr 27, 2010risk 0.00cvss —epss 0.03
Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors.
- CVE-2009-3655Oct 9, 2009risk 0.00cvss —epss 0.04
Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the "SITE SET TRANSFERPROGRESS ON" FTP command.
- CVE-2008-3731Aug 20, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging.
- CVE-2005-3467Nov 2, 2005risk 0.00cvss —epss 0.02
Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of service (crash) via (1) malformed packets and possibly other unspecified issues with unknown impact and attack vectors including (2) use of "~" in a pathname, and (3) memory consumption of the daemon. NOTE:…
- CVE-2004-2533Dec 31, 2004risk 0.00cvss —epss 0.03
Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause a denial of service (application crash) via a SITE CHMOD command with a "\\...\" followed by a short string, causing partial memory corruption, a different vulnerability than CVE-2004-2111.
- CVE-2002-2393Dec 31, 2002risk 0.00cvss —epss 0.03
Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote attackers to cause a denial of service (no new connections) via a series of MKD commands.
- CVE-2001-1463Nov 19, 2001risk 0.00cvss —epss 0.03
The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords.
Page 2 of 2