16 matches found
CVE-2026-28318
SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update...
CVE-2025-40539
A type confusion vulnerability exists in Serv-U which, when exploited, gives a malicious actor the ability to execute arbitrary native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services...
CVE-2025-40541
The CVE-2025-40541 entry describes an Insecure Direct Object Reference (IDOR) vulnerability in SolarWinds Serv-U. The issue allows an attacker to execute native code as a privileged account, requiring administrative privileges to exploit. On Windows deployments, risk is noted as medium because se...
Exploit for CVE-2025-40547
CVE-2025-40547 - Serv-U Administrative Pre-Authenticated Remot...
CVE-2025-40548
SolarWinds Serv-U is affected by a set of flaws (CVE-2025-40547, -40548, -40549) stemming from a missing validation that could allow an attacker with admin privileges to execute code. Several connected sources indicate Serv-U versions prior to 15.5.3 (and specifically 15.5.2 and earlier per PT-20...
The vulnerability in the SolarWinds Serv-U File Server arises from incorrect path name restrictions for the restricted access directory, allowing an attacker to execute arbitrary code.
The vulnerability in the SolarWinds Serv-U File Server is related to an incorrect limitation on the path name for the restricted access directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by connecting to port 21...
CVE-2024-45712
SolarWinds Serv-U is vulnerable to a client-side cross-site scripting (XSS) vulnerability. The vulnerability can only be performed by an authenticated account, on the local machine, from the local browser session. Therefore the risk is very low...
Exploit for Path Traversal in Solarwinds Serv-U
SolarWinds-CVE-2021-35250...
VulnCheck KEV: CVE-2021-35247
SolarWinds Serv-U versions 15.2.5 and earlier contain an improper input validation vulnerability that allows attackers to build and send queries without sanitization...
CVE-2021-35247
Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please note: No downstream effect has been detected as the LDAP servers ignored improper...
CVE-2020-15542
SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command...
CVE-2018-19999
The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to privilege escalation. To exploit this vulnerability,...
Serv-U: elevation of privilege by replacing ServUDaemon.ini - vulnerability warning - the black bar safety net
Serv-U 6.3/6.4 and 7.0, 8.0 and so on have a directory traversal vulnerability. Log in with a writable account; if it is anonymous FTP, it has only read permissions. C:\Documents and Settings\Administrator>ftp 127.0.0.1 Connected to 127.0.0.1. 220 Serv-U FTP Server v6.4 for WinSock ready...
A look at the Serv-U password encryption and storage method - vulnerability warning - the black bar safety net
A look at the Serv-U password encryption and storage method. First, two characters are randomly generated from the lowercase letters a-z. The user's original password is then merged with these two random characters to become the new password string. For example: the user's original password is a, the randomly generate...
Some experience with elevating privileges from a webshell - vulnerability warning - the black bar safety net
Many newcomers run into problems when using Serv-U for elevation of privilege, such as the default local administrator password having been changed, ws, cmd and the like being disabled, or having no permission to run anything in the site root directory! Many novices then give up. Oh, actually...
A very classic guide to webshell privilege escalation - vulnerability warning - the black bar safety net
Say you have spent a tremendous amount of effort to get a webshell. Of course, you also want to go on to obtain full admin rights on the server; as the saying goes, a hacker who doesn't want to be admin is not a good hacker, hee hee. So come with me and see what you can use to elevate privileges. First, if the serve...