Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Serv-U File Server Security Vulnerabilities

cve
cve

CVE-2001-0054

Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD command, a variant of a .. (dot dot) attack.

6.8AI Score

0.009EPSS

2001-05-07 04:00 AM
39
cve
cve

CVE-2001-1463

The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords.

7.5AI Score

0.006EPSS

2005-04-21 04:00 AM
24
cve
cve

CVE-2002-2393

Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote attackers to cause a denial of service (no new connections) via a series of MKD commands.

7AI Score

0.014EPSS

2007-10-31 04:00 PM
25
cve
cve

CVE-2004-0330

Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command.

7.4AI Score

0.933EPSS

2004-11-23 05:00 AM
37
cve
cve

CVE-2004-1675

Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX.

6.8AI Score

0.047EPSS

2005-02-20 05:00 AM
31
cve
cve

CVE-2004-1992

Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote attackers to cause a denial of service (crash) via a long -l parameter, which triggers an out-of-bounds read.

6.9AI Score

0.928EPSS

2005-05-10 04:00 AM
23
cve
cve

CVE-2004-2111

Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename.

7.7AI Score

0.971EPSS

2005-05-27 04:00 AM
35
cve
cve

CVE-2004-2532

Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC co...

7.8AI Score

0.002EPSS

2005-10-25 04:00 AM
22
cve
cve

CVE-2004-2533

Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause a denial of service (application crash) via a SITE CHMOD command with a "\..." followed by a short string, causing partial memory corruption, a different vulnerability than CVE-2004-2111.

6.4AI Score

0.971EPSS

2005-10-25 04:00 AM
23
cve
cve

CVE-2005-3467

Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of service (crash) via (1) malformed packets and possibly other unspecified issues with unknown impact and attack vectors including (2) use of "~" in a pathname, and (3) memory consumption of the daemon. NOTE: it is not clear wheth...

7.1AI Score

0.005EPSS

2005-11-02 11:02 PM
36
cve
cve

CVE-2008-3731

Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging.

6.4AI Score

0.004EPSS

2008-08-20 04:41 PM
22
cve
cve

CVE-2008-4500

Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using "con:1".

6.2AI Score

0.015EPSS

2008-10-09 12:00 AM
25
cve
cve

CVE-2008-4501

Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\ (dot dot backslash) in the RNTO command.

6.3AI Score

0.017EPSS

2008-10-09 12:00 AM
23
cve
cve

CVE-2009-0967

The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument.

6.5AI Score

0.03EPSS

2009-03-19 10:30 AM
33
cve
cve

CVE-2009-1031

Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a .. (backslash dot dot) in an MKD request.

6.8AI Score

0.763EPSS

2009-03-20 12:30 AM
32
cve
cve

CVE-2009-3655

Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the "SITE SET TRANSFERPROGRESS ON" FTP command.

6.6AI Score

0.008EPSS

2009-10-09 02:30 PM
35
cve
cve

CVE-2009-4006

Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.

8AI Score

0.951EPSS

2009-11-20 11:30 AM
31
cve
cve

CVE-2009-4815

Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors.

6.3AI Score

0.002EPSS

2010-04-27 03:30 PM
32
cve
cve

CVE-2011-4800

Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands.

6.4AI Score

0.004EPSS

2011-12-14 12:55 AM
38
cve
cve

CVE-2021-25179

SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header.

6.1CVSS

6AI Score

0.001EPSS

2021-05-05 03:15 AM
51
3