A common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this, an encrypted value that is exposed to an attacker can be simply recovered to...
7.5 CVSS
7.4 AI Score
0.001 EPSS
When a user has admin rights in Serv-U Console, the user can move, create and delete any files that are able to be accessed on the Serv-U host...
6.8 CVSS
6.6 AI Score
0.001 EPSS
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and...
In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable. An unprivileged Windows user (having access to the server's filesystem) can add an FTP user by copying a valid profile file to...
7.1 CVSS
8.2 AI Score
0.0005 EPSS
6.5 CVSS
6.8 AI Score
0.006 EPSS
5.4 CVSS
6.5 AI Score
0.002 EPSS
Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to cause a denial of service (crash) via a long (1) CWD or (2) LS (list)...
6.7 AI Score
0.109 EPSS