VYPR
Vendor: Rhinosoft

Products: 4
CVEs: 30
Across products: 30
Status: Private

Recent CVEs

  • CVE-2021-35211 | KEV | Jul 14, 2021
    risk 0.26 | cvss | epss 0.91

    Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File…

  • CVE-2024-28995 | KEV | Jun 6, 2024
    risk 0.23 | cvss | epss 1.00

    SolarWinds Serv-U was susceptible to a directory traversal vulnerability that would allow access to read sensitive files on the host machine.

  • CVE-2021-35247 | KEV | Jan 7, 2022
    risk 0.12 | cvss | epss 0.03

    Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream effect has been detected as the LDAP servers…

  • CVE-2009-4006 | Nov 20, 2009
    risk 0.10 | cvss | epss 0.83

    Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.

  • CVE-2004-2111 | Dec 31, 2004
    risk 0.10 | cvss | epss 0.87

    Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename.

  • CVE-2004-0330 | Nov 23, 2004
    risk 0.10 | cvss | epss 0.85

    Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command.

  • CVE-2021-35250 | Apr 25, 2022
    risk 0.06 | cvss | epss 0.14

    A researcher reported a Directory Traversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1.

  • CVE-2009-4873 | May 26, 2010
    risk 0.05 | cvss | epss 0.21

    Stack-based buffer overflow in the HTTP server in Rhino Software Serv-U Web Client 9.0.0.5 allows remote attackers to cause a denial of service (server crash) or execute arbitrary code via a long Session cookie.

  • CVE-2007-1079 | Feb 22, 2007
    risk 0.03 | cvss | epss 0.03

    Stack-based buffer overflow in Rhino Software, Inc. FTP Voyager 14.0.0.3 and earlier allows remote servers to cause a denial of service (crash) via a long response to a CWD command, which triggers the overflow when the user aborts the command.

  • CVE-2004-1691 | Sep 18, 2004
    risk 0.03 | cvss | epss 0.04

    The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a denial of service (CPU consumption and crash) via a large amount of data.

  • CVE-2004-1939 | Apr 14, 2004
    risk 0.03 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows remote attackers to inject arbitrary web script or HTML via double encoded slashes (%252F) in the key parameter.

  • CVE-1999-0838 | Dec 1, 1999
    risk 0.03 | cvss | epss 0.02

    Buffer overflow in Serv-U FTP 2.5 allows remote users to conduct a denial of service via the SITE command.

  • CVE-2024-45711 | Oct 16, 2024
    risk 0.01 | cvss | epss 0.06

    SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. This issue requires a user to be authenticated and this is present when software environment variables are…

  • CVE-2025-40541 | Feb 24, 2026
    risk 0.00 | cvss | epss 0.01

    An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is…

  • CVE-2025-40539 | Feb 24, 2026
    risk 0.00 | cvss | epss 0.00

    A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium…

  • CVE-2025-40538 | Feb 24, 2026
    risk 0.00 | cvss | epss 0.01

    A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative…

  • CVE-2025-40549 | Nov 18, 2025
    risk 0.00 | cvss | epss 0.01

    A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory. This issue requires administrative privileges to abuse. On Windows systems, this scored as medium…

  • CVE-2025-40547 | Nov 18, 2025
    risk 0.00 | cvss | epss 0.01

    A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because…

  • CVE-2024-45712 | Apr 15, 2025
    risk 0.00 | cvss | epss 0.00

    SolarWinds Serv-U is vulnerable to a client-side cross-site scripting (XSS) vulnerability. The vulnerability can only be performed by an authenticated account, on the local machine, from the local browser session. Therefore the risk is very low.

  • CVE-2024-28073 | Apr 17, 2024
    risk 0.00 | cvss | epss 0.01

    SolarWinds Serv-U was found to be susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability requires a highly privileged account to be exploited.