Vulnerabilites related to solarwinds - serv-u_file_server
cve-2004-2532
Vulnerability from cvelistv5
Published
2005-10-25 04:00
Modified
2024-08-08 01:29
Severity ?
EPSS score ?
Summary
Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/10886 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16925 | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/8877 | vdb-entry, x_refsource_OSVDB | |
| http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0216.html | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:13.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10886",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10886"
},
{
"name": "servu-default-admin-account(16925)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16925"
},
{
"name": "8877",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/8877"
},
{
"name": "20040808 Serv-U 3.x, 4.x, 5.x local privilege escalation vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0216.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10886",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10886"
},
{
"name": "servu-default-admin-account(16925)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16925"
},
{
"name": "8877",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/8877"
},
{
"name": "20040808 Serv-U 3.x, 4.x, 5.x local privilege escalation vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0216.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2532",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10886",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10886"
},
{
"name": "servu-default-admin-account(16925)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16925"
},
{
"name": "8877",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8877"
},
{
"name": "20040808 Serv-U 3.x, 4.x, 5.x local privilege escalation vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0216.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2532",
"datePublished": "2005-10-25T04:00:00",
"dateReserved": "2005-10-25T00:00:00",
"dateUpdated": "2024-08-08T01:29:13.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0967
Vulnerability from cvelistv5
Published
2009-03-19 10:00
Modified
2024-08-07 04:57
Severity ?
EPSS score ?
Summary
The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/8212 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securityfocus.com/bid/34127 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/49260 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:17.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8212",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/8212"
},
{
"name": "34127",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34127"
},
{
"name": "servuftp-smnt-dos(49260)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49260"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8212",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/8212"
},
{
"name": "34127",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34127"
},
{
"name": "servuftp-smnt-dos(49260)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49260"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8212",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8212"
},
{
"name": "34127",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34127"
},
{
"name": "servuftp-smnt-dos(49260)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49260"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0967",
"datePublished": "2009-03-19T10:00:00",
"dateReserved": "2009-03-18T00:00:00",
"dateUpdated": "2024-08-07T04:57:17.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1992
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
Severity ?
EPSS score ?
Summary
Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote attackers to cause a denial of service (crash) via a long -l parameter, which triggers an out-of-bounds read.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=108360377119290&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/5546 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/10181 | vdb-entry, x_refsource_BID | |
| http://www.securiteam.com/windowsntfocus/5ZP0G2KCKA.html | x_refsource_MISC | |
| http://secunia.com/advisories/11430 | third-party-advisory, x_refsource_SECUNIA | |
| http://marc.info/?l=ntbugtraq&m=108359620108234&w=2 | mailing-list, x_refsource_NTBUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15913 | vdb-entry, x_refsource_XF | |
| http://securitytracker.com/id?1009869 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:07:49.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040503 Serv-U LIST -l Parameter Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108360377119290\u0026w=2"
},
{
"name": "5546",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5546"
},
{
"name": "10181",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10181"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/windowsntfocus/5ZP0G2KCKA.html"
},
{
"name": "11430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11430"
},
{
"name": "20040503 Serv-U LIST -l Parameter Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=ntbugtraq\u0026m=108359620108234\u0026w=2"
},
{
"name": "servu-list-command-bo(15913)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15913"
},
{
"name": "1009869",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1009869"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote attackers to cause a denial of service (crash) via a long -l parameter, which triggers an out-of-bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040503 Serv-U LIST -l Parameter Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108360377119290\u0026w=2"
},
{
"name": "5546",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5546"
},
{
"name": "10181",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10181"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/windowsntfocus/5ZP0G2KCKA.html"
},
{
"name": "11430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11430"
},
{
"name": "20040503 Serv-U LIST -l Parameter Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ"
],
"url": "http://marc.info/?l=ntbugtraq\u0026m=108359620108234\u0026w=2"
},
{
"name": "servu-list-command-bo(15913)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15913"
},
{
"name": "1009869",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1009869"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote attackers to cause a denial of service (crash) via a long -l parameter, which triggers an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040503 Serv-U LIST -l Parameter Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108360377119290\u0026w=2"
},
{
"name": "5546",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5546"
},
{
"name": "10181",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10181"
},
{
"name": "http://www.securiteam.com/windowsntfocus/5ZP0G2KCKA.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/windowsntfocus/5ZP0G2KCKA.html"
},
{
"name": "11430",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11430"
},
{
"name": "20040503 Serv-U LIST -l Parameter Buffer Overflow",
"refsource": "NTBUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq\u0026m=108359620108234\u0026w=2"
},
{
"name": "servu-list-command-bo(15913)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15913"
},
{
"name": "1009869",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1009869"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1992",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T01:07:49.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-2533
Vulnerability from cvelistv5
Published
2005-10-25 04:00
Modified
2024-08-08 01:29
Severity ?
EPSS score ?
Summary
Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause a denial of service (application crash) via a SITE CHMOD command with a "\\...\" followed by a short string, causing partial memory corruption, a different vulnerability than CVE-2004-2111.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/3713 | vdb-entry, x_refsource_OSVDB | |
| http://securitytracker.com/id?1009086 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/9675 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/10706 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15251 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:13.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3713",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3713"
},
{
"name": "1009086",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1009086"
},
{
"name": "9675",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9675"
},
{
"name": "10706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10706"
},
{
"name": "servu-sitechmod-command-dos(15251)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15251"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause a denial of service (application crash) via a SITE CHMOD command with a \"\\\\...\\\" followed by a short string, causing partial memory corruption, a different vulnerability than CVE-2004-2111."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3713",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3713"
},
{
"name": "1009086",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1009086"
},
{
"name": "9675",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9675"
},
{
"name": "10706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10706"
},
{
"name": "servu-sitechmod-command-dos(15251)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15251"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause a denial of service (application crash) via a SITE CHMOD command with a \"\\\\...\\\" followed by a short string, causing partial memory corruption, a different vulnerability than CVE-2004-2111."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3713",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3713"
},
{
"name": "1009086",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1009086"
},
{
"name": "9675",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9675"
},
{
"name": "10706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10706"
},
{
"name": "servu-sitechmod-command-dos(15251)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15251"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2533",
"datePublished": "2005-10-25T04:00:00",
"dateReserved": "2005-10-25T00:00:00",
"dateUpdated": "2024-08-08T01:29:13.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4006
Vulnerability from cvelistv5
Published
2009-11-20 11:00
Modified
2024-08-07 06:45
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/60427 | vdb-entry, x_refsource_OSVDB | |
| http://www.securitytracker.com/id?1023199 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/507955/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/secunia_research/2009-46/ | x_refsource_MISC | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.vupen.com/english/advisories/2009/3277 | vdb-entry, x_refsource_VUPEN | |
| http://www.serv-u.com/releasenotes/ | x_refsource_MISC | |
| http://secunia.com/advisories/37228 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/37051 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/54322 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:45:51.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "60427",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/60427"
},
{
"name": "1023199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023199"
},
{
"name": "20091118 Secunia Research: RhinoSoft Serv-U TEA Decoding Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507955/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2009-46/"
},
{
"name": "oval:org.mitre.oval:def:6142",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142"
},
{
"name": "ADV-2009-3277",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3277"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "37228",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37228"
},
{
"name": "37051",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37051"
},
{
"name": "servu-tea-bo(54322)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54322"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "60427",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/60427"
},
{
"name": "1023199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023199"
},
{
"name": "20091118 Secunia Research: RhinoSoft Serv-U TEA Decoding Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507955/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2009-46/"
},
{
"name": "oval:org.mitre.oval:def:6142",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142"
},
{
"name": "ADV-2009-3277",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3277"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "37228",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37228"
},
{
"name": "37051",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37051"
},
{
"name": "servu-tea-bo(54322)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54322"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60427",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/60427"
},
{
"name": "1023199",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023199"
},
{
"name": "20091118 Secunia Research: RhinoSoft Serv-U TEA Decoding Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507955/100/0/threaded"
},
{
"name": "http://secunia.com/secunia_research/2009-46/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2009-46/"
},
{
"name": "oval:org.mitre.oval:def:6142",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142"
},
{
"name": "ADV-2009-3277",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3277"
},
{
"name": "http://www.serv-u.com/releasenotes/",
"refsource": "MISC",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "37228",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37228"
},
{
"name": "37051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37051"
},
{
"name": "servu-tea-bo(54322)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54322"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4006",
"datePublished": "2009-11-20T11:00:00",
"dateReserved": "2009-11-19T00:00:00",
"dateUpdated": "2024-08-07T06:45:51.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3467
Vulnerability from cvelistv5
Published
2005-11-02 23:00
Modified
2024-08-07 23:10
Severity ?
EPSS score ?
Summary
Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of service (crash) via (1) malformed packets and possibly other unspecified issues with unknown impact and attack vectors including (2) use of "~" in a pathname, and (3) memory consumption of the daemon. NOTE: it is not clear whether items (2) and above are vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2005/2267 | vdb-entry, x_refsource_VUPEN | |
| http://www.serv-u.com/releasenotes.asp | x_refsource_CONFIRM | |
| http://secunia.com/advisories/17409 | third-party-advisory, x_refsource_SECUNIA | |
| http://securitytracker.com/id?1015151 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/15273 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2005-2267",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2267"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.serv-u.com/releasenotes.asp"
},
{
"name": "17409",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17409"
},
{
"name": "1015151",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015151"
},
{
"name": "15273",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15273"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of service (crash) via (1) malformed packets and possibly other unspecified issues with unknown impact and attack vectors including (2) use of \"~\" in a pathname, and (3) memory consumption of the daemon. NOTE: it is not clear whether items (2) and above are vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-18T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2005-2267",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2267"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.serv-u.com/releasenotes.asp"
},
{
"name": "17409",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17409"
},
{
"name": "1015151",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015151"
},
{
"name": "15273",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15273"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3467",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of service (crash) via (1) malformed packets and possibly other unspecified issues with unknown impact and attack vectors including (2) use of \"~\" in a pathname, and (3) memory consumption of the daemon. NOTE: it is not clear whether items (2) and above are vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-2267",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2267"
},
{
"name": "http://www.serv-u.com/releasenotes.asp",
"refsource": "CONFIRM",
"url": "http://www.serv-u.com/releasenotes.asp"
},
{
"name": "17409",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17409"
},
{
"name": "1015151",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015151"
},
{
"name": "15273",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15273"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3467",
"datePublished": "2005-11-02T23:00:00",
"dateReserved": "2005-11-02T00:00:00",
"dateUpdated": "2024-08-07T23:10:08.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25179
Vulnerability from cvelistv5
Published
2021-05-05 02:40
Modified
2024-08-03 19:56
Severity ?
EPSS score ?
Summary
SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.linkedin.com/in/gabrielegristina | x_refsource_MISC | |
| https://twitter.com/gm4tr1x | x_refsource_MISC | |
| https://github.com/matrix | x_refsource_MISC | |
| https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2_release_notes.htm | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.linkedin.com/in/gabrielegristina"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/gm4tr1x"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/matrix"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-05T02:40:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.linkedin.com/in/gabrielegristina"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/gm4tr1x"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/matrix"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2_release_notes.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-25179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.linkedin.com/in/gabrielegristina",
"refsource": "MISC",
"url": "https://www.linkedin.com/in/gabrielegristina"
},
{
"name": "https://twitter.com/gm4tr1x",
"refsource": "MISC",
"url": "https://twitter.com/gm4tr1x"
},
{
"name": "https://github.com/matrix",
"refsource": "MISC",
"url": "https://github.com/matrix"
},
{
"name": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2_release_notes.htm",
"refsource": "MISC",
"url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2_release_notes.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-25179",
"datePublished": "2021-05-05T02:40:13",
"dateReserved": "2021-01-15T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-2111
Vulnerability from cvelistv5
Published
2005-05-27 04:00
Modified
2024-08-08 01:15
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/14931 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/9483 | vdb-entry, x_refsource_BID | |
| http://securitytracker.com/id?1008841 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/9675 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=107513654005840&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://archives.neohapsis.com/archives/bugtraq/2004-01/0249.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:15:01.513Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "servu-chmodcommand-execute-code(14931)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14931"
},
{
"name": "9483",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9483"
},
{
"name": "1008841",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1008841"
},
{
"name": "9675",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9675"
},
{
"name": "20040126 Serv-U ftp 4.2 site chmod long_file_name exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107513654005840\u0026w=2"
},
{
"name": "20040124 [SST]ServU MDTM command remote buffero verflow adv",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-01/0249.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "servu-chmodcommand-execute-code(14931)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14931"
},
{
"name": "9483",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9483"
},
{
"name": "1008841",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1008841"
},
{
"name": "9675",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9675"
},
{
"name": "20040126 Serv-U ftp 4.2 site chmod long_file_name exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107513654005840\u0026w=2"
},
{
"name": "20040124 [SST]ServU MDTM command remote buffero verflow adv",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-01/0249.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "servu-chmodcommand-execute-code(14931)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14931"
},
{
"name": "9483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9483"
},
{
"name": "1008841",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1008841"
},
{
"name": "9675",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9675"
},
{
"name": "20040126 Serv-U ftp 4.2 site chmod long_file_name exploit",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107513654005840\u0026w=2"
},
{
"name": "20040124 [SST]ServU MDTM command remote buffero verflow adv",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-01/0249.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2111",
"datePublished": "2005-05-27T04:00:00",
"dateReserved": "2005-05-27T00:00:00",
"dateUpdated": "2024-08-08T01:15:01.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1675
Vulnerability from cvelistv5
Published
2005-02-20 05:00
Modified
2024-08-08 01:00
Severity ?
EPSS score ?
Summary
Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17329 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/12507/ | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/11155 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=109495074211638&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:00:36.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "servu-stou-dos(17329)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17329"
},
{
"name": "12507",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12507/"
},
{
"name": "11155",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11155"
},
{
"name": "20040911 Serv-U up to 5.2 Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109495074211638\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "servu-stou-dos(17329)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17329"
},
{
"name": "12507",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12507/"
},
{
"name": "11155",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11155"
},
{
"name": "20040911 Serv-U up to 5.2 Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109495074211638\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "servu-stou-dos(17329)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17329"
},
{
"name": "12507",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12507/"
},
{
"name": "11155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11155"
},
{
"name": "20040911 Serv-U up to 5.2 Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109495074211638\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1675",
"datePublished": "2005-02-20T05:00:00",
"dateReserved": "2005-02-21T00:00:00",
"dateUpdated": "2024-08-08T01:00:36.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4501
Vulnerability from cvelistv5
Published
2008-10-08 23:00
Modified
2024-08-07 10:17
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\ (dot dot backslash) in the RNTO command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/2746 | vdb-entry, x_refsource_VUPEN | |
| https://www.exploit-db.com/exploits/6661 | exploit, x_refsource_EXPLOIT-DB | |
| http://secunia.com/advisories/32150 | third-party-advisory, x_refsource_SECUNIA | |
| http://securityreason.com/securityalert/4378 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:09.772Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-2746",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2746"
},
{
"name": "6661",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6661"
},
{
"name": "32150",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32150"
},
{
"name": "4378",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4378"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\\ (dot dot backslash) in the RNTO command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-2746",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2746"
},
{
"name": "6661",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6661"
},
{
"name": "32150",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32150"
},
{
"name": "4378",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4378"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\\ (dot dot backslash) in the RNTO command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-2746",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2746"
},
{
"name": "6661",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6661"
},
{
"name": "32150",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32150"
},
{
"name": "4378",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4378"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4501",
"datePublished": "2008-10-08T23:00:00",
"dateReserved": "2008-10-08T00:00:00",
"dateUpdated": "2024-08-07T10:17:09.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3655
Vulnerability from cvelistv5
Published
2009-10-09 14:18
Modified
2024-08-07 06:38
Severity ?
EPSS score ?
Summary
Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the "SITE SET TRANSFERPROGRESS ON" FTP command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/36873 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.serv-u.com/releasenotes/ | x_refsource_CONFIRM | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5798 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:29.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36873",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36873"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "oval:org.mitre.oval:def:5798",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5798"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the \"SITE SET TRANSFERPROGRESS ON\" FTP command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36873",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36873"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "oval:org.mitre.oval:def:5798",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5798"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the \"SITE SET TRANSFERPROGRESS ON\" FTP command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36873",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36873"
},
{
"name": "http://www.serv-u.com/releasenotes/",
"refsource": "CONFIRM",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "oval:org.mitre.oval:def:5798",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5798"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3655",
"datePublished": "2009-10-09T14:18:00",
"dateReserved": "2009-10-09T00:00:00",
"dateUpdated": "2024-08-07T06:38:29.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0330
Vulnerability from cvelistv5
Published
2004-03-18 05:00
Modified
2024-08-08 00:17
Severity ?
EPSS score ?
Summary
Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15323 | vdb-entry, x_refsource_XF | |
| http://www.cnhonker.com/advisory/serv-u.mdtm.txt | x_refsource_MISC | |
| http://marc.info/?l=bugtraq&m=107781164214399&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/9751 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:14.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "servu-mdtm-bo(15323)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15323"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cnhonker.com/advisory/serv-u.mdtm.txt"
},
{
"name": "20040226 [vulnwatch] Serv-U MDTM Command Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107781164214399\u0026w=2"
},
{
"name": "9751",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9751"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "servu-mdtm-bo(15323)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15323"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cnhonker.com/advisory/serv-u.mdtm.txt"
},
{
"name": "20040226 [vulnwatch] Serv-U MDTM Command Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107781164214399\u0026w=2"
},
{
"name": "9751",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9751"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "servu-mdtm-bo(15323)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15323"
},
{
"name": "http://www.cnhonker.com/advisory/serv-u.mdtm.txt",
"refsource": "MISC",
"url": "http://www.cnhonker.com/advisory/serv-u.mdtm.txt"
},
{
"name": "20040226 [vulnwatch] Serv-U MDTM Command Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107781164214399\u0026w=2"
},
{
"name": "9751",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9751"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0330",
"datePublished": "2004-03-18T05:00:00",
"dateReserved": "2004-03-17T00:00:00",
"dateUpdated": "2024-08-08T00:17:14.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-2393
Vulnerability from cvelistv5
Published
2007-10-31 16:00
Modified
2024-09-17 02:16
Severity ?
EPSS score ?
Summary
Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote attackers to cause a denial of service (no new connections) via a series of MKD commands.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2002-11/0109.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/6112 | vdb-entry, x_refsource_BID | |
| http://www.iss.net/security_center/static/10573.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:59:12.006Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20021106 RhinoSoft Serv-U FTP Anonymous Remote DoS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0109.html"
},
{
"name": "6112",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6112"
},
{
"name": "servu-mkd-command-dos(10573)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10573.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote attackers to cause a denial of service (no new connections) via a series of MKD commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-10-31T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20021106 RhinoSoft Serv-U FTP Anonymous Remote DoS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0109.html"
},
{
"name": "6112",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6112"
},
{
"name": "servu-mkd-command-dos(10573)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10573.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote attackers to cause a denial of service (no new connections) via a series of MKD commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20021106 RhinoSoft Serv-U FTP Anonymous Remote DoS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0109.html"
},
{
"name": "6112",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6112"
},
{
"name": "servu-mkd-command-dos(10573)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10573.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2393",
"datePublished": "2007-10-31T16:00:00Z",
"dateReserved": "2007-10-31T00:00:00Z",
"dateUpdated": "2024-09-17T02:16:14.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1031
Vulnerability from cvelistv5
Published
2009-03-20 00:00
Modified
2024-08-07 04:57
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \.. (backslash dot dot) in an MKD request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/8211 | exploit, x_refsource_EXPLOIT-DB | |
| http://secunia.com/advisories/34329 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/52773 | vdb-entry, x_refsource_OSVDB | |
| http://www.vupen.com/english/advisories/2009/0738 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/34125 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/49258 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:17.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8211",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/8211"
},
{
"name": "34329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34329"
},
{
"name": "52773",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/52773"
},
{
"name": "ADV-2009-0738",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0738"
},
{
"name": "34125",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34125"
},
{
"name": "servuftp-mkd-dir-traversal(49258)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49258"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \\.. (backslash dot dot) in an MKD request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8211",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/8211"
},
{
"name": "34329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34329"
},
{
"name": "52773",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/52773"
},
{
"name": "ADV-2009-0738",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0738"
},
{
"name": "34125",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34125"
},
{
"name": "servuftp-mkd-dir-traversal(49258)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49258"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \\.. (backslash dot dot) in an MKD request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8211",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8211"
},
{
"name": "34329",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34329"
},
{
"name": "52773",
"refsource": "OSVDB",
"url": "http://osvdb.org/52773"
},
{
"name": "ADV-2009-0738",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0738"
},
{
"name": "34125",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34125"
},
{
"name": "servuftp-mkd-dir-traversal(49258)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49258"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1031",
"datePublished": "2009-03-20T00:00:00",
"dateReserved": "2009-03-19T00:00:00",
"dateUpdated": "2024-08-07T04:57:17.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4500
Vulnerability from cvelistv5
Published
2008-10-08 23:00
Modified
2024-08-07 10:17
Severity ?
EPSS score ?
Summary
Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using "con:1".
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45652 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2008/2746 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/32150 | third-party-advisory, x_refsource_SECUNIA | |
| https://www.exploit-db.com/exploits/6660 | exploit, x_refsource_EXPLOIT-DB | |
| http://securityreason.com/securityalert/4377 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/bid/31556 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:09.766Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "servu-stoucon1-dos(45652)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45652"
},
{
"name": "ADV-2008-2746",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2746"
},
{
"name": "32150",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32150"
},
{
"name": "6660",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6660"
},
{
"name": "4377",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4377"
},
{
"name": "31556",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31556"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using \"con:1\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "servu-stoucon1-dos(45652)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45652"
},
{
"name": "ADV-2008-2746",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2746"
},
{
"name": "32150",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32150"
},
{
"name": "6660",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6660"
},
{
"name": "4377",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4377"
},
{
"name": "31556",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31556"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using \"con:1\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "servu-stoucon1-dos(45652)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45652"
},
{
"name": "ADV-2008-2746",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2746"
},
{
"name": "32150",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32150"
},
{
"name": "6660",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6660"
},
{
"name": "4377",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4377"
},
{
"name": "31556",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31556"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4500",
"datePublished": "2008-10-08T23:00:00",
"dateReserved": "2008-10-08T00:00:00",
"dateUpdated": "2024-08-07T10:17:09.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-1463
Vulnerability from cvelistv5
Published
2005-04-21 04:00
Modified
2024-08-08 04:58
Severity ?
EPSS score ?
Summary
The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7925 | vdb-entry, x_refsource_XF | |
| http://www.kb.cert.org/vuls/id/279763 | third-party-advisory, x_refsource_CERT-VN | |
| http://securitytracker.com/id?1002882 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "servu-ftp-plaintext-password(7925)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7925"
},
{
"name": "VU#279763",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/279763"
},
{
"name": "1002882",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1002882"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-11-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "servu-ftp-plaintext-password(7925)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7925"
},
{
"name": "VU#279763",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/279763"
},
{
"name": "1002882",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1002882"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "servu-ftp-plaintext-password(7925)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7925"
},
{
"name": "VU#279763",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/279763"
},
{
"name": "1002882",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1002882"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1463",
"datePublished": "2005-04-21T04:00:00",
"dateReserved": "2005-04-21T00:00:00",
"dateUpdated": "2024-08-08T04:58:11.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-0054
Vulnerability from cvelistv5
Published
2001-05-07 04:00
Modified
2024-08-08 04:06
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD command, a variant of a .. (dot dot) attack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/464 | vdb-entry, x_refsource_OSVDB | |
| http://archives.neohapsis.com/archives/bugtraq/2000-12/0043.html | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/5639 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/2052 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=97604119024280&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:06:55.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "464",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/464"
},
{
"name": "20001205 (no subject)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0043.html"
},
{
"name": "ftp-servu-homedir-travers(5639)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5639"
},
{
"name": "2052",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2052"
},
{
"name": "20001205 Serv-U FTP directory traversal vunerability (all versions)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=97604119024280\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as \"/..%20.\" to a CD command, a variant of a .. (dot dot) attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "464",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/464"
},
{
"name": "20001205 (no subject)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0043.html"
},
{
"name": "ftp-servu-homedir-travers(5639)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5639"
},
{
"name": "2052",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2052"
},
{
"name": "20001205 Serv-U FTP directory traversal vunerability (all versions)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=97604119024280\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as \"/..%20.\" to a CD command, a variant of a .. (dot dot) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "464",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/464"
},
{
"name": "20001205 (no subject)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0043.html"
},
{
"name": "ftp-servu-homedir-travers(5639)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5639"
},
{
"name": "2052",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2052"
},
{
"name": "20001205 Serv-U FTP directory traversal vunerability (all versions)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=97604119024280\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0054",
"datePublished": "2001-05-07T04:00:00",
"dateReserved": "2001-02-01T00:00:00",
"dateUpdated": "2024-08-08T04:06:55.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3731
Vulnerability from cvelistv5
Published
2008-08-20 16:00
Modified
2024-08-07 09:53
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/30739 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44537 | vdb-entry, x_refsource_XF | |
| http://www.serv-u.com/releasenotes/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/31461 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30739",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30739"
},
{
"name": "servu-fileserver-sftp-dos(44537)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44537"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "31461",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31461"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30739",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30739"
},
{
"name": "servu-fileserver-sftp-dos(44537)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44537"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "31461",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31461"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30739",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30739"
},
{
"name": "servu-fileserver-sftp-dos(44537)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44537"
},
{
"name": "http://www.serv-u.com/releasenotes/",
"refsource": "CONFIRM",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "31461",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31461"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3731",
"datePublished": "2008-08-20T16:00:00",
"dateReserved": "2008-08-20T00:00:00",
"dateUpdated": "2024-08-07T09:53:00.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4815
Vulnerability from cvelistv5
Published
2010-04-27 15:00
Modified
2024-08-07 07:17
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/37414 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/37847 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/54932 | vdb-entry, x_refsource_XF | |
| http://www.serv-u.com/releasenotes/ | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2009/3595 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:25.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37414",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37414"
},
{
"name": "37847",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37847"
},
{
"name": "fileserver-unspecified-info-disclosure(54932)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54932"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "ADV-2009-3595",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3595"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37414",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37414"
},
{
"name": "37847",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37847"
},
{
"name": "fileserver-unspecified-info-disclosure(54932)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54932"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "ADV-2009-3595",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3595"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37414"
},
{
"name": "37847",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37847"
},
{
"name": "fileserver-unspecified-info-disclosure(54932)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54932"
},
{
"name": "http://www.serv-u.com/releasenotes/",
"refsource": "CONFIRM",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "ADV-2009-3595",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3595"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4815",
"datePublished": "2010-04-27T15:00:00",
"dateReserved": "2010-04-27T00:00:00",
"dateUpdated": "2024-08-07T07:17:25.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4800
Vulnerability from cvelistv5
Published
2011-12-14 00:00
Modified
2024-09-16 23:01
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0454.html | mailing-list, x_refsource_FULLDISC | |
| http://secunia.com/advisories/47021 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.serv-u.com/releasenotes/ | x_refsource_CONFIRM | |
| http://www.exploit-db.com/exploits/18182 | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:16:34.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20111130 Serv-U Remote",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0454.html"
},
{
"name": "47021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47021"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "18182",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18182"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a \"..:/\" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-12-14T00:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20111130 Serv-U Remote",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0454.html"
},
{
"name": "47021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47021"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "18182",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18182"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a \"..:/\" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20111130 Serv-U Remote",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0454.html"
},
{
"name": "47021",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47021"
},
{
"name": "http://www.serv-u.com/releasenotes/",
"refsource": "CONFIRM",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "18182",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18182"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4800",
"datePublished": "2011-12-14T00:00:00Z",
"dateReserved": "2011-12-13T00:00:00Z",
"dateUpdated": "2024-09-16T23:01:04.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2009-03-19 10:30
Modified
2024-11-21 01:01
Severity ?
Summary
The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | serv-u_file_server | 7.0.0.1 | |
| solarwinds | serv-u_file_server | 7.0.0.2 | |
| solarwinds | serv-u_file_server | 7.0.0.3 | |
| solarwinds | serv-u_file_server | 7.0.0.4 | |
| solarwinds | serv-u_file_server | 7.1.0.0 | |
| solarwinds | serv-u_file_server | 7.1.0.1 | |
| solarwinds | serv-u_file_server | 7.1.0.2 | |
| solarwinds | serv-u_file_server | 7.2.0.0 | |
| solarwinds | serv-u_file_server | 7.2.0.1 | |
| solarwinds | serv-u_file_server | 7.3.0.0 | |
| solarwinds | serv-u_file_server | 7.3.0.1 | |
| solarwinds | serv-u_file_server | 7.3.0.2 | |
| solarwinds | serv-u_file_server | 7.4.0.0 | |
| solarwinds | serv-u_file_server | 7.4.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92DB160E-82FF-4360-970B-9DA8F8C80C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97835C15-FDFA-4483-B8F5-062731E912B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "64D43FB7-6D9C-46AE-9831-6C1A8CF8146E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CE52F36F-FA2F-476C-9F30-5F74DC0F3D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D000B5-04D7-431C-AA2B-BC8D0475A518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C74BAC99-DF37-4AE4-AF48-69C6E855CEC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "50FCBA2E-F6EE-4C52-B2DA-5174EF110DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E40D1816-BD4A-4405-8461-07DA732C5CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD3CE83-3E37-464C-A511-CDF7E735E58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "243CCCC8-9860-4440-9E80-12668270F330",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE008FE-8C8A-4E82-B6EE-93ECBB6A9903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6D6DD1-D98B-46C1-921C-9B045C234377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48FC2D20-D01F-43A7-B49D-6FAFB7889C5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEF9A0E-7D4E-42CA-AD6F-B6F18CA3CFB5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument."
},
{
"lang": "es",
"value": "El servidor FTP en Serv-U versiones 7.0.0.1 hasta 7.4.0.1, permite a los usuarios remotos autenticados causar una denegaci\u00f3n de servicio (bloqueo de servicio) por medio de un gran n\u00famero de comandos SMNT sin un argumento."
}
],
"id": "CVE-2009-0967",
"lastModified": "2024-11-21T01:01:21.797",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-03-19T10:30:00.530",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34127"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49260"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/8212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/8212"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
Severity ?
Summary
Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause a denial of service (application crash) via a SITE CHMOD command with a "\\...\" followed by a short string, causing partial memory corruption, a different vulnerability than CVE-2004-2111.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | serv-u_file_server | 4.1.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:4.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7DE0A612-CF94-4DBE-808C-AE4CA9DD2C3B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause a denial of service (application crash) via a SITE CHMOD command with a \"\\\\...\\\" followed by a short string, causing partial memory corruption, a different vulnerability than CVE-2004-2111."
}
],
"id": "CVE-2004-2533",
"lastModified": "2024-11-20T23:53:35.823",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/10706"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1009086"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/3713"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/9675"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/10706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1009086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/3713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/9675"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15251"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-11-02 23:02
Modified
2024-11-21 00:01
Severity ?
Summary
Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of service (crash) via (1) malformed packets and possibly other unspecified issues with unknown impact and attack vectors including (2) use of "~" in a pathname, and (3) memory consumption of the daemon. NOTE: it is not clear whether items (2) and above are vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | serv-u_file_server | * | |
| solarwinds | serv-u_file_server | 3.0.0.16 | |
| solarwinds | serv-u_file_server | 3.0.0.17 | |
| solarwinds | serv-u_file_server | 3.1.0.0 | |
| solarwinds | serv-u_file_server | 3.1.0.1 | |
| solarwinds | serv-u_file_server | 3.1.0.3 | |
| solarwinds | serv-u_file_server | 4.0.0.4 | |
| solarwinds | serv-u_file_server | 4.1.0.0 | |
| solarwinds | serv-u_file_server | 4.1.0.3 | |
| solarwinds | serv-u_file_server | 5.0.0.0 | |
| solarwinds | serv-u_file_server | 5.0.0.4 | |
| solarwinds | serv-u_file_server | 5.0.0.9 | |
| solarwinds | serv-u_file_server | 5.0.0.11 | |
| solarwinds | serv-u_file_server | 5.1.0.0 | |
| solarwinds | serv-u_file_server | 5.2.0.0 | |
| solarwinds | serv-u_file_server | 5.2.0.1 | |
| solarwinds | serv-u_file_server | 6.0.0.0 | |
| solarwinds | serv-u_file_server | 6.0.0.1 | |
| solarwinds | serv-u_file_server | 6.0.0.2 | |
| solarwinds | serv-u_file_server | 6.1.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92F4434F-7AAF-44D4-A200-5C2D73556A6C",
"versionEndIncluding": "6.1.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.0.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "0CB703F7-4806-4E3F-850E-ACC127892899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.0.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D6E3F784-86CB-46FC-97FB-1F43F140C9ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "022E0AF9-48FA-41C4-A109-4A3284A721BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "397E88A4-9E82-4818-B176-1C049993F1C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7DD649F-E290-4E8E-B61F-3950A2157938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:4.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "51BE6EDE-C7BC-4730-9602-160A027D8F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:4.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7DE0A612-CF94-4DBE-808C-AE4CA9DD2C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:4.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F20066E0-BAE8-462F-86B5-A39DDB5D11C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78B460EA-F742-4524-B213-BF92ABF82ABC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6E646B1A-167C-4DB6-84C1-77B071AC605A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EF068DF2-7298-4648-BA80-06321599E723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B3B340-C416-421D-9616-C4ACB59E05A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CADBC6BB-BF83-4BC0-88FC-4D6E929B7D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5175168C-D623-49AE-9BB6-9DAF8B7C5EEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "735F7214-91B5-4BDF-8F98-52249A22AE75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E248012-E5EE-4975-8E3B-A05FC5FA4737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C8B779-67D3-43B5-B8F2-C460D5C5906D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AE4E2E43-42CC-451E-8F49-E5E6E72D90C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D24DD045-751C-4CAA-BDD5-0511FD245651",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of service (crash) via (1) malformed packets and possibly other unspecified issues with unknown impact and attack vectors including (2) use of \"~\" in a pathname, and (3) memory consumption of the daemon. NOTE: it is not clear whether items (2) and above are vulnerabilities."
}
],
"id": "CVE-2005-3467",
"lastModified": "2024-11-21T00:01:58.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-11-02T23:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17409"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015151"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15273"
},
{
"source": "cve@mitre.org",
"url": "http://www.serv-u.com/releasenotes.asp"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17409"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.serv-u.com/releasenotes.asp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2267"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-08-20 16:41
Modified
2024-11-21 00:49
Severity ?
Summary
Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | serv-u_file_server | 7.0.0.1 | |
| solarwinds | serv-u_file_server | 7.0.0.2 | |
| solarwinds | serv-u_file_server | 7.0.0.3 | |
| solarwinds | serv-u_file_server | 7.0.0.4 | |
| solarwinds | serv-u_file_server | 7.1.0.0 | |
| solarwinds | serv-u_file_server | 7.1.0.1 | |
| solarwinds | serv-u_file_server | 7.1.0.2 | |
| solarwinds | serv-u_file_server | 7.2.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92DB160E-82FF-4360-970B-9DA8F8C80C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97835C15-FDFA-4483-B8F5-062731E912B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "64D43FB7-6D9C-46AE-9831-6C1A8CF8146E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CE52F36F-FA2F-476C-9F30-5F74DC0F3D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D000B5-04D7-431C-AA2B-BC8D0475A518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C74BAC99-DF37-4AE4-AF48-69C6E855CEC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "50FCBA2E-F6EE-4C52-B2DA-5174EF110DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E40D1816-BD4A-4405-8461-07DA732C5CE2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging."
},
{
"lang": "es",
"value": "Una vulnerabilidad no especificada en Serv-U File Server versiones 7.0.0.0.1, y otras versiones anteriores a 7.2.0.1, permite a usuarios autenticados remotos causar una denegaci\u00f3n de servicio (bloqueo del demonio) por medio de una sesi\u00f3n SSH con comandos SFTP para la creaci\u00f3n y registro de directorios."
}
],
"evaluatorSolution": "Upgrade to 7.2.0.1",
"id": "CVE-2008-3731",
"lastModified": "2024-11-21T00:49:59.230",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-08-20T16:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31461"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30739"
},
{
"source": "cve@mitre.org",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44537"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-02-16 05:00
Modified
2024-11-20 23:34
Severity ?
Summary
Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD command, a variant of a .. (dot dot) attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | serv-u_file_server | 3.0.0.16 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.0.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "0CB703F7-4806-4E3F-850E-ACC127892899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as \"/..%20.\" to a CD command, a variant of a .. (dot dot) attack."
}
],
"id": "CVE-2001-0054",
"lastModified": "2024-11-20T23:34:29.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-02-16T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0043.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=97604119024280\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/464"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/2052"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0043.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=97604119024280\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/2052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5639"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote attackers to cause a denial of service (no new connections) via a series of MKD commands.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | serv-u_file_server | 3.1.0.0 | |
| solarwinds | serv-u_file_server | 4.0.0.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "022E0AF9-48FA-41C4-A109-4A3284A721BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:4.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "51BE6EDE-C7BC-4730-9602-160A027D8F25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote attackers to cause a denial of service (no new connections) via a series of MKD commands."
}
],
"id": "CVE-2002-2393",
"lastModified": "2024-11-20T23:43:34.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0109.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/10573.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/6112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0109.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/10573.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/6112"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-11-19 05:00
Modified
2024-11-20 23:37
Severity ?
Summary
The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | serv-u_file_server | 3.0.0.16 | |
| solarwinds | serv-u_file_server | 3.0.0.17 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.0.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "0CB703F7-4806-4E3F-850E-ACC127892899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.0.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D6E3F784-86CB-46FC-97FB-1F43F140C9ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords."
}
],
"id": "CVE-2001-1463",
"lastModified": "2024-11-20T23:37:45.257",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-11-19T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1002882"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/279763"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7925"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1002882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/279763"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7925"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-10-09 00:00
Modified
2024-11-21 00:51
Severity ?
Summary
Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using "con:1".
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | serv-u_file_server | 7.0.0.1 | |
| solarwinds | serv-u_file_server | 7.0.0.2 | |
| solarwinds | serv-u_file_server | 7.0.0.3 | |
| solarwinds | serv-u_file_server | 7.0.0.4 | |
| solarwinds | serv-u_file_server | 7.1.0.0 | |
| solarwinds | serv-u_file_server | 7.1.0.1 | |
| solarwinds | serv-u_file_server | 7.1.0.2 | |
| solarwinds | serv-u_file_server | 7.2.0.0 | |
| solarwinds | serv-u_file_server | 7.2.0.1 | |
| solarwinds | serv-u_file_server | 7.3.0.0 | |
| solarwinds | serv-u_file_server | 7.3.0.1 | |
| solarwinds | serv-u_file_server | 7.3.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92DB160E-82FF-4360-970B-9DA8F8C80C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97835C15-FDFA-4483-B8F5-062731E912B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "64D43FB7-6D9C-46AE-9831-6C1A8CF8146E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CE52F36F-FA2F-476C-9F30-5F74DC0F3D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D000B5-04D7-431C-AA2B-BC8D0475A518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C74BAC99-DF37-4AE4-AF48-69C6E855CEC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "50FCBA2E-F6EE-4C52-B2DA-5174EF110DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E40D1816-BD4A-4405-8461-07DA732C5CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD3CE83-3E37-464C-A511-CDF7E735E58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "243CCCC8-9860-4440-9E80-12668270F330",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE008FE-8C8A-4E82-B6EE-93ECBB6A9903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6D6DD1-D98B-46C1-921C-9B045C234377",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using \"con:1\"."
},
{
"lang": "es",
"value": "Serv-U v7.3, y v7.2.0.1 y anteriores, permite a usuarios autenticados en remoto provocar una denegaci\u00f3n de servicio (consumo de la CPU) a trav\u00e9s de un comando stou manipulado; probablemente est\u00e1 relacionado con los nombres de dispositivo de MS-DOS, como se ha demostrado usando \"con:1\""
}
],
"id": "CVE-2008-4500",
"lastModified": "2024-11-21T00:51:49.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-09T00:00:01.180",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32150"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4377"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/31556"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2746"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45652"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/6660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/31556"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/6660"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-11-23 05:00
Modified
2024-11-20 23:48
Severity ?
Summary
Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | serv-u_file_server | * | |
| solarwinds | serv-u_file_server | 3.0.0.16 | |
| solarwinds | serv-u_file_server | 3.0.0.17 | |
| solarwinds | serv-u_file_server | 3.1.0.0 | |
| solarwinds | serv-u_file_server | 3.1.0.1 | |
| solarwinds | serv-u_file_server | 3.1.0.3 | |
| solarwinds | serv-u_file_server | 4.0.0.4 | |
| solarwinds | serv-u_file_server | 4.1.0.0 | |
| solarwinds | serv-u_file_server | 4.1.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9171B0CE-E4CF-4515-8E14-28001B164044",
"versionEndIncluding": "5.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.0.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "0CB703F7-4806-4E3F-850E-ACC127892899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.0.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D6E3F784-86CB-46FC-97FB-1F43F140C9ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "022E0AF9-48FA-41C4-A109-4A3284A721BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "397E88A4-9E82-4818-B176-1C049993F1C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7DD649F-E290-4E8E-B61F-3950A2157938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:4.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "51BE6EDE-C7BC-4730-9602-160A027D8F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:4.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7DE0A612-CF94-4DBE-808C-AE4CA9DD2C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:4.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F20066E0-BAE8-462F-86B5-A39DDB5D11C4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command."
}
],
"id": "CVE-2004-0330",
"lastModified": "2024-11-20T23:48:20.353",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-11-23T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=107781164214399\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.cnhonker.com/advisory/serv-u.mdtm.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9751"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=107781164214399\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cnhonker.com/advisory/serv-u.mdtm.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15323"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-10-09 00:00
Modified
2024-11-21 00:51
Severity ?
Summary
Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\ (dot dot backslash) in the RNTO command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | serv-u_file_server | 7.0.0.1 | |
| solarwinds | serv-u_file_server | 7.0.0.2 | |
| solarwinds | serv-u_file_server | 7.0.0.3 | |
| solarwinds | serv-u_file_server | 7.0.0.4 | |
| solarwinds | serv-u_file_server | 7.1.0.0 | |
| solarwinds | serv-u_file_server | 7.1.0.1 | |
| solarwinds | serv-u_file_server | 7.1.0.2 | |
| solarwinds | serv-u_file_server | 7.2.0.0 | |
| solarwinds | serv-u_file_server | 7.2.0.1 | |
| solarwinds | serv-u_file_server | 7.3.0.0 | |
| solarwinds | serv-u_file_server | 7.3.0.1 | |
| solarwinds | serv-u_file_server | 7.3.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92DB160E-82FF-4360-970B-9DA8F8C80C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97835C15-FDFA-4483-B8F5-062731E912B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "64D43FB7-6D9C-46AE-9831-6C1A8CF8146E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CE52F36F-FA2F-476C-9F30-5F74DC0F3D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D000B5-04D7-431C-AA2B-BC8D0475A518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C74BAC99-DF37-4AE4-AF48-69C6E855CEC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "50FCBA2E-F6EE-4C52-B2DA-5174EF110DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E40D1816-BD4A-4405-8461-07DA732C5CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD3CE83-3E37-464C-A511-CDF7E735E58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "243CCCC8-9860-4440-9E80-12668270F330",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE008FE-8C8A-4E82-B6EE-93ECBB6A9903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6D6DD1-D98B-46C1-921C-9B045C234377",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\\ (dot dot backslash) in the RNTO command."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en el servidor FTP de Serv-U v7.3, y v7.2.0.1 y anteriores, permite a usuarios autenticados en remoto sobrescribir o crear ficheros de su elecci\u00f3n mediante un ..\\ (punto punto barra invertida) en el comando RNTO."
}
],
"id": "CVE-2008-4501",
"lastModified": "2024-11-21T00:51:49.993",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-09T00:00:01.213",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32150"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4378"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2746"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/6661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4378"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/6661"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-09-11 04:00
Modified
2024-11-20 23:51
Severity ?
Summary
Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | serv-u_file_server | 4.0.0.4 | |
| solarwinds | serv-u_file_server | 4.1.0.0 | |
| solarwinds | serv-u_file_server | 4.1.0.3 | |
| solarwinds | serv-u_file_server | 5.0.0.0 | |
| solarwinds | serv-u_file_server | 5.0.0.4 | |
| solarwinds | serv-u_file_server | 5.0.0.9 | |
| solarwinds | serv-u_file_server | 5.0.0.11 | |
| solarwinds | serv-u_file_server | 5.1.0.0 | |
| solarwinds | serv-u_file_server | 5.2.0.0 | |
| solarwinds | serv-u_file_server | 5.2.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:4.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "51BE6EDE-C7BC-4730-9602-160A027D8F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:4.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7DE0A612-CF94-4DBE-808C-AE4CA9DD2C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:4.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F20066E0-BAE8-462F-86B5-A39DDB5D11C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78B460EA-F742-4524-B213-BF92ABF82ABC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6E646B1A-167C-4DB6-84C1-77B071AC605A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EF068DF2-7298-4648-BA80-06321599E723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B3B340-C416-421D-9616-C4ACB59E05A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CADBC6BB-BF83-4BC0-88FC-4D6E929B7D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5175168C-D623-49AE-9BB6-9DAF8B7C5EEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "735F7214-91B5-4BDF-8F98-52249A22AE75",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX."
}
],
"id": "CVE-2004-1675",
"lastModified": "2024-11-20T23:51:28.337",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-09-11T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109495074211638\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12507/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11155"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109495074211638\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12507/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17329"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-11-20 11:30
Modified
2024-11-21 01:08
Severity ?
Summary
Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92DB160E-82FF-4360-970B-9DA8F8C80C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97835C15-FDFA-4483-B8F5-062731E912B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "64D43FB7-6D9C-46AE-9831-6C1A8CF8146E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CE52F36F-FA2F-476C-9F30-5F74DC0F3D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D000B5-04D7-431C-AA2B-BC8D0475A518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C74BAC99-DF37-4AE4-AF48-69C6E855CEC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "50FCBA2E-F6EE-4C52-B2DA-5174EF110DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E40D1816-BD4A-4405-8461-07DA732C5CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD3CE83-3E37-464C-A511-CDF7E735E58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "243CCCC8-9860-4440-9E80-12668270F330",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE008FE-8C8A-4E82-B6EE-93ECBB6A9903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6D6DD1-D98B-46C1-921C-9B045C234377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48FC2D20-D01F-43A7-B49D-6FAFB7889C5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEF9A0E-7D4E-42CA-AD6F-B6F18CA3CFB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "480EE765-C9AF-495E-810E-4153DC250F33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "955439D8-7449-4E82-9EB5-6379002E6D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6B101C-1058-45D7-A0B9-26C616691F04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EC7360-6AD8-4689-A927-57881C4BF974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF3956BE-95DE-4656-B987-796053032621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "391013B0-D304-49AF-9FAB-89E9A4E16686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4BCC0E-1F1B-4956-BE5D-67FF788652EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B9637A62-B1A9-41D1-905C-DA200DB5A4DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7FE5332-0928-4743-832D-D7E9AB86B5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF325569-354C-4C70-A6EC-A8BFF1FF2AB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "31756C9F-307A-4D1C-8534-5F919EA96C75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "104F5B91-6267-4B19-A791-FBC49E88B7AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "809D6AB1-13D5-4589-B564-570114A64AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E986938-BE98-4D7A-9C92-4ED87968E0A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el algoritmo de decodificaci\u00f3n TEA en servidor FTP Serv-U de RhinoSoft versiones 7.0.0.1, 9.0.0.5 y otras versiones anteriores a 9.1.0.0, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de una cadena hexadecimal larga."
}
],
"id": "CVE-2009-4006",
"lastModified": "2024-11-21T01:08:43.083",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-11-20T11:30:00.297",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37228"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2009-46/"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/60427"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/507955/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/37051"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1023199"
},
{
"source": "cve@mitre.org",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3277"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54322"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2009-46/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/60427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/507955/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3277"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54322"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
Severity ?
Summary
Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | serv-u_file_server | * | |
| solarwinds | serv-u_file_server | 3.0.0.16 | |
| solarwinds | serv-u_file_server | 3.0.0.17 | |
| solarwinds | serv-u_file_server | 3.1.0.0 | |
| solarwinds | serv-u_file_server | 3.1.0.1 | |
| solarwinds | serv-u_file_server | 3.1.0.3 | |
| solarwinds | serv-u_file_server | 4.0.0.4 | |
| solarwinds | serv-u_file_server | 4.1.0.0 | |
| solarwinds | serv-u_file_server | 4.1.0.3 | |
| solarwinds | serv-u_file_server | 5.0.0.0 | |
| solarwinds | serv-u_file_server | 5.0.0.4 | |
| solarwinds | serv-u_file_server | 5.0.0.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBE64EE8-9FCE-43EF-8DE3-0BC90DE982D3",
"versionEndIncluding": "5.0.0.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.0.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "0CB703F7-4806-4E3F-850E-ACC127892899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.0.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D6E3F784-86CB-46FC-97FB-1F43F140C9ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "022E0AF9-48FA-41C4-A109-4A3284A721BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "397E88A4-9E82-4818-B176-1C049993F1C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7DD649F-E290-4E8E-B61F-3950A2157938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:4.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "51BE6EDE-C7BC-4730-9602-160A027D8F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:4.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7DE0A612-CF94-4DBE-808C-AE4CA9DD2C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:4.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F20066E0-BAE8-462F-86B5-A39DDB5D11C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78B460EA-F742-4524-B213-BF92ABF82ABC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6E646B1A-167C-4DB6-84C1-77B071AC605A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EF068DF2-7298-4648-BA80-06321599E723",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command."
}
],
"id": "CVE-2004-2532",
"lastModified": "2024-11-20T23:53:35.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0216.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/8877"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/10886"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16925"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0216.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/8877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/10886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16925"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-10-09 14:30
Modified
2024-11-21 01:07
Severity ?
Summary
Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the "SITE SET TRANSFERPROGRESS ON" FTP command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | serv-u_file_server | 7.0.0.1 | |
| solarwinds | serv-u_file_server | 7.0.0.2 | |
| solarwinds | serv-u_file_server | 7.0.0.3 | |
| solarwinds | serv-u_file_server | 7.0.0.4 | |
| solarwinds | serv-u_file_server | 7.1.0.0 | |
| solarwinds | serv-u_file_server | 7.1.0.1 | |
| solarwinds | serv-u_file_server | 7.1.0.2 | |
| solarwinds | serv-u_file_server | 7.2.0.0 | |
| solarwinds | serv-u_file_server | 7.2.0.1 | |
| solarwinds | serv-u_file_server | 7.3.0.0 | |
| solarwinds | serv-u_file_server | 7.3.0.1 | |
| solarwinds | serv-u_file_server | 7.3.0.2 | |
| solarwinds | serv-u_file_server | 7.4.0.0 | |
| solarwinds | serv-u_file_server | 7.4.0.1 | |
| solarwinds | serv-u_file_server | 8.0.0.1 | |
| solarwinds | serv-u_file_server | 8.0.0.2 | |
| solarwinds | serv-u_file_server | 8.0.0.4 | |
| solarwinds | serv-u_file_server | 8.0.0.5 | |
| solarwinds | serv-u_file_server | 8.0.0.7 | |
| solarwinds | serv-u_file_server | 8.1.0.1 | |
| solarwinds | serv-u_file_server | 8.1.0.3 | |
| solarwinds | serv-u_file_server | 8.2.0.0 | |
| solarwinds | serv-u_file_server | 8.2.0.1 | |
| solarwinds | serv-u_file_server | 8.2.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92DB160E-82FF-4360-970B-9DA8F8C80C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97835C15-FDFA-4483-B8F5-062731E912B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "64D43FB7-6D9C-46AE-9831-6C1A8CF8146E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CE52F36F-FA2F-476C-9F30-5F74DC0F3D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D000B5-04D7-431C-AA2B-BC8D0475A518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C74BAC99-DF37-4AE4-AF48-69C6E855CEC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "50FCBA2E-F6EE-4C52-B2DA-5174EF110DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E40D1816-BD4A-4405-8461-07DA732C5CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD3CE83-3E37-464C-A511-CDF7E735E58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "243CCCC8-9860-4440-9E80-12668270F330",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE008FE-8C8A-4E82-B6EE-93ECBB6A9903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6D6DD1-D98B-46C1-921C-9B045C234377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48FC2D20-D01F-43A7-B49D-6FAFB7889C5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEF9A0E-7D4E-42CA-AD6F-B6F18CA3CFB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "480EE765-C9AF-495E-810E-4153DC250F33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "955439D8-7449-4E82-9EB5-6379002E6D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6B101C-1058-45D7-A0B9-26C616691F04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EC7360-6AD8-4689-A927-57881C4BF974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF3956BE-95DE-4656-B987-796053032621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "391013B0-D304-49AF-9FAB-89E9A4E16686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4BCC0E-1F1B-4956-BE5D-67FF788652EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B9637A62-B1A9-41D1-905C-DA200DB5A4DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7FE5332-0928-4743-832D-D7E9AB86B5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF325569-354C-4C70-A6EC-A8BFF1FF2AB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the \"SITE SET TRANSFERPROGRESS ON\" FTP command."
},
{
"lang": "es",
"value": "Rhino Software Serv-U v7.0.0.1 a v8.2.0.3 permite a atacantes remotos causar una denegaci\u00f3n de servicio (mediante ca\u00edda del servidor) a trav\u00e9s de vectores no especificados relacionados con el comando FTP \"SITE SET TRANSFERPROGRESS ON\"."
}
],
"id": "CVE-2009-3655",
"lastModified": "2024-11-21T01:07:54.417",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-10-09T14:30:00.593",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36873"
},
{
"source": "cve@mitre.org",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5798"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36873"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5798"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-03-20 00:30
Modified
2024-11-21 01:01
Severity ?
Summary
Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \.. (backslash dot dot) in an MKD request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | serv-u_file_server | 7.0.0.1 | |
| solarwinds | serv-u_file_server | 7.0.0.2 | |
| solarwinds | serv-u_file_server | 7.0.0.3 | |
| solarwinds | serv-u_file_server | 7.0.0.4 | |
| solarwinds | serv-u_file_server | 7.1.0.0 | |
| solarwinds | serv-u_file_server | 7.1.0.1 | |
| solarwinds | serv-u_file_server | 7.1.0.2 | |
| solarwinds | serv-u_file_server | 7.2.0.0 | |
| solarwinds | serv-u_file_server | 7.2.0.1 | |
| solarwinds | serv-u_file_server | 7.3.0.0 | |
| solarwinds | serv-u_file_server | 7.3.0.1 | |
| solarwinds | serv-u_file_server | 7.3.0.2 | |
| solarwinds | serv-u_file_server | 7.4.0.0 | |
| solarwinds | serv-u_file_server | 7.4.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92DB160E-82FF-4360-970B-9DA8F8C80C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97835C15-FDFA-4483-B8F5-062731E912B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "64D43FB7-6D9C-46AE-9831-6C1A8CF8146E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CE52F36F-FA2F-476C-9F30-5F74DC0F3D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D000B5-04D7-431C-AA2B-BC8D0475A518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C74BAC99-DF37-4AE4-AF48-69C6E855CEC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "50FCBA2E-F6EE-4C52-B2DA-5174EF110DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E40D1816-BD4A-4405-8461-07DA732C5CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD3CE83-3E37-464C-A511-CDF7E735E58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "243CCCC8-9860-4440-9E80-12668270F330",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE008FE-8C8A-4E82-B6EE-93ECBB6A9903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6D6DD1-D98B-46C1-921C-9B045C234377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48FC2D20-D01F-43A7-B49D-6FAFB7889C5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEF9A0E-7D4E-42CA-AD6F-B6F18CA3CFB5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \\.. (backslash dot dot) in an MKD request."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en el servidor FTP en Rhino Software Serv-U File Server v7.4.0.1 permite a atacantes remotos crear directorios de su elecci\u00f3n a trav\u00e9s de \\.. (barra invertida punto punto) en una petici\u00f3n MKD."
}
],
"id": "CVE-2009-1031",
"lastModified": "2024-11-21T01:01:29.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-03-20T00:30:00.717",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/52773"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34329"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34125"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0738"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49258"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/8211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/52773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/8211"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-05 03:15
Modified
2024-11-21 05:54
Severity ?
Summary
SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2_release_notes.htm | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://github.com/matrix | Not Applicable, Third Party Advisory | |
| cve@mitre.org | https://twitter.com/gm4tr1x | Third Party Advisory | |
| cve@mitre.org | https://www.linkedin.com/in/gabrielegristina | Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2_release_notes.htm | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/matrix | Not Applicable, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://twitter.com/gm4tr1x | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.linkedin.com/in/gabrielegristina | Permissions Required, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | serv-u_file_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD1CF4B3-08F1-459F-B1F4-8501F252EC23",
"versionEndExcluding": "15.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header."
},
{
"lang": "es",
"value": "SolarWinds Serv-U versiones anteriores a 15.2, est\u00e1 afectado por una vulnerabilidad de tipo Cross Site Scripting (XSS) por medio del encabezado HTTP Host"
}
],
"id": "CVE-2021-25179",
"lastModified": "2024-11-21T05:54:30.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-05T03:15:07.283",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2_release_notes.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://github.com/matrix"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/gm4tr1x"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://www.linkedin.com/in/gabrielegristina"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2_release_notes.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://github.com/matrix"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/gm4tr1x"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://www.linkedin.com/in/gabrielegristina"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-04-27 15:30
Modified
2024-11-21 01:10
Severity ?
Summary
Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.0.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "0CB703F7-4806-4E3F-850E-ACC127892899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.0.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D6E3F784-86CB-46FC-97FB-1F43F140C9ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "022E0AF9-48FA-41C4-A109-4A3284A721BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "397E88A4-9E82-4818-B176-1C049993F1C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7DD649F-E290-4E8E-B61F-3950A2157938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:4.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "51BE6EDE-C7BC-4730-9602-160A027D8F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:4.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7DE0A612-CF94-4DBE-808C-AE4CA9DD2C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:4.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F20066E0-BAE8-462F-86B5-A39DDB5D11C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78B460EA-F742-4524-B213-BF92ABF82ABC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6E646B1A-167C-4DB6-84C1-77B071AC605A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EF068DF2-7298-4648-BA80-06321599E723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B3B340-C416-421D-9616-C4ACB59E05A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CADBC6BB-BF83-4BC0-88FC-4D6E929B7D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5175168C-D623-49AE-9BB6-9DAF8B7C5EEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "735F7214-91B5-4BDF-8F98-52249A22AE75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E248012-E5EE-4975-8E3B-A05FC5FA4737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C8B779-67D3-43B5-B8F2-C460D5C5906D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AE4E2E43-42CC-451E-8F49-E5E6E72D90C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D24DD045-751C-4CAA-BDD5-0511FD245651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F5C70A91-550A-4441-8468-A41759D438DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1A34FD62-EC28-4B66-9BCA-44468C87DA74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "61B7075F-5C0B-40F9-B391-10AECE849B5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80B6C7FD-77EA-40F2-A9C9-235B4B0757EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE71798A-C0F4-442F-8B8E-D590FCDAB707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C7EC2A0C-DFD1-4ED7-B59B-9FBB658AC93C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "087D548D-384E-4B7C-8FB2-EC9F9F255EA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D950E25-71ED-492A-A7D9-F332C2989965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CC21E151-25BD-46C3-95C0-D97FB31207A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCE52A0-58FB-41FD-8BC2-410FB0A96A77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1B1D9E67-F528-412F-94D1-BC245E1A9786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DEA09ADC-E1F7-4A89-ABD5-52657430DF01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6E8A3AA1-CC80-40AD-B57D-E86FE515C4CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "141C2C7B-2CD7-4B62-85AC-92209DDB9CEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92DB160E-82FF-4360-970B-9DA8F8C80C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97835C15-FDFA-4483-B8F5-062731E912B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "64D43FB7-6D9C-46AE-9831-6C1A8CF8146E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CE52F36F-FA2F-476C-9F30-5F74DC0F3D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D000B5-04D7-431C-AA2B-BC8D0475A518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C74BAC99-DF37-4AE4-AF48-69C6E855CEC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "50FCBA2E-F6EE-4C52-B2DA-5174EF110DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E40D1816-BD4A-4405-8461-07DA732C5CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD3CE83-3E37-464C-A511-CDF7E735E58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "243CCCC8-9860-4440-9E80-12668270F330",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE008FE-8C8A-4E82-B6EE-93ECBB6A9903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6D6DD1-D98B-46C1-921C-9B045C234377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48FC2D20-D01F-43A7-B49D-6FAFB7889C5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEF9A0E-7D4E-42CA-AD6F-B6F18CA3CFB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "480EE765-C9AF-495E-810E-4153DC250F33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "955439D8-7449-4E82-9EB5-6379002E6D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6B101C-1058-45D7-A0B9-26C616691F04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EC7360-6AD8-4689-A927-57881C4BF974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF3956BE-95DE-4656-B987-796053032621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "391013B0-D304-49AF-9FAB-89E9A4E16686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4BCC0E-1F1B-4956-BE5D-67FF788652EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B9637A62-B1A9-41D1-905C-DA200DB5A4DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7FE5332-0928-4743-832D-D7E9AB86B5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF325569-354C-4C70-A6EC-A8BFF1FF2AB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "31756C9F-307A-4D1C-8534-5F919EA96C75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "104F5B91-6267-4B19-A791-FBC49E88B7AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "809D6AB1-13D5-4589-B564-570114A64AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E986938-BE98-4D7A-9C92-4ED87968E0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34BB423C-D0B6-4C65-A30F-463F492E2526",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en Serv-U en versiones anteriores a la 9.2.0.1 permite a atacantes remotos autenticados leer ficheros de su elecci\u00f3n mediante vectores no especificados."
}
],
"id": "CVE-2009-4815",
"lastModified": "2024-11-21T01:10:31.897",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-04-27T15:30:00.703",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37847"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/37414"
},
{
"source": "cve@mitre.org",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3595"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54932"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3595"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54932"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-04-20 04:00
Modified
2024-11-20 23:52
Severity ?
Summary
Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote attackers to cause a denial of service (crash) via a long -l parameter, which triggers an out-of-bounds read.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | serv-u_file_server | * | |
| solarwinds | serv-u_file_server | 3.0.0.16 | |
| solarwinds | serv-u_file_server | 3.0.0.17 | |
| solarwinds | serv-u_file_server | 3.1.0.0 | |
| solarwinds | serv-u_file_server | 3.1.0.1 | |
| solarwinds | serv-u_file_server | 3.1.0.3 | |
| solarwinds | serv-u_file_server | 4.0.0.4 | |
| solarwinds | serv-u_file_server | 4.1.0.0 | |
| solarwinds | serv-u_file_server | 4.1.0.3 | |
| solarwinds | serv-u_file_server | 5.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "164F0A28-7C84-4444-9C68-DA1D1B4DFA9A",
"versionEndIncluding": "5.0.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.0.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "0CB703F7-4806-4E3F-850E-ACC127892899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.0.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D6E3F784-86CB-46FC-97FB-1F43F140C9ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "022E0AF9-48FA-41C4-A109-4A3284A721BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "397E88A4-9E82-4818-B176-1C049993F1C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7DD649F-E290-4E8E-B61F-3950A2157938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:4.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "51BE6EDE-C7BC-4730-9602-160A027D8F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:4.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7DE0A612-CF94-4DBE-808C-AE4CA9DD2C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:4.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F20066E0-BAE8-462F-86B5-A39DDB5D11C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78B460EA-F742-4524-B213-BF92ABF82ABC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote attackers to cause a denial of service (crash) via a long -l parameter, which triggers an out-of-bounds read."
}
],
"id": "CVE-2004-1992",
"lastModified": "2024-11-20T23:52:14.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-04-20T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108360377119290\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=ntbugtraq\u0026m=108359620108234\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11430"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1009869"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5546"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securiteam.com/windowsntfocus/5ZP0G2KCKA.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10181"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15913"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108360377119290\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=ntbugtraq\u0026m=108359620108234\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1009869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5546"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securiteam.com/windowsntfocus/5ZP0G2KCKA.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15913"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:52
Severity ?
Summary
Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | serv-u_file_server | * | |
| solarwinds | serv-u_file_server | 3.0.0.16 | |
| solarwinds | serv-u_file_server | 3.0.0.17 | |
| solarwinds | serv-u_file_server | 3.1.0.0 | |
| solarwinds | serv-u_file_server | 3.1.0.1 | |
| solarwinds | serv-u_file_server | 3.1.0.3 | |
| solarwinds | serv-u_file_server | 4.0.0.4 | |
| solarwinds | serv-u_file_server | 4.1.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75EF6508-446D-440A-B84A-CB79A7289248",
"versionEndIncluding": "4.1.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.0.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "0CB703F7-4806-4E3F-850E-ACC127892899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.0.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D6E3F784-86CB-46FC-97FB-1F43F140C9ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "022E0AF9-48FA-41C4-A109-4A3284A721BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "397E88A4-9E82-4818-B176-1C049993F1C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7DD649F-E290-4E8E-B61F-3950A2157938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:4.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "51BE6EDE-C7BC-4730-9602-160A027D8F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:4.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7DE0A612-CF94-4DBE-808C-AE4CA9DD2C3B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename."
}
],
"id": "CVE-2004-2111",
"lastModified": "2024-11-20T23:52:31.207",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-01/0249.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=107513654005840\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1008841"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/9483"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/9675"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-01/0249.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=107513654005840\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1008841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/9483"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/9675"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14931"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-12-14 00:55
Modified
2024-11-21 01:33
Severity ?
Summary
Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49FF0AF9-2176-423E-88CB-C2C8CC0EBF09",
"versionEndIncluding": "11.1.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.0.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "0CB703F7-4806-4E3F-850E-ACC127892899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.0.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D6E3F784-86CB-46FC-97FB-1F43F140C9ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "022E0AF9-48FA-41C4-A109-4A3284A721BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "397E88A4-9E82-4818-B176-1C049993F1C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7DD649F-E290-4E8E-B61F-3950A2157938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:4.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "51BE6EDE-C7BC-4730-9602-160A027D8F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:4.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7DE0A612-CF94-4DBE-808C-AE4CA9DD2C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:4.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F20066E0-BAE8-462F-86B5-A39DDB5D11C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78B460EA-F742-4524-B213-BF92ABF82ABC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6E646B1A-167C-4DB6-84C1-77B071AC605A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EF068DF2-7298-4648-BA80-06321599E723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B3B340-C416-421D-9616-C4ACB59E05A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CADBC6BB-BF83-4BC0-88FC-4D6E929B7D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5175168C-D623-49AE-9BB6-9DAF8B7C5EEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "735F7214-91B5-4BDF-8F98-52249A22AE75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E248012-E5EE-4975-8E3B-A05FC5FA4737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C8B779-67D3-43B5-B8F2-C460D5C5906D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AE4E2E43-42CC-451E-8F49-E5E6E72D90C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D24DD045-751C-4CAA-BDD5-0511FD245651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F5C70A91-550A-4441-8468-A41759D438DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1A34FD62-EC28-4B66-9BCA-44468C87DA74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "61B7075F-5C0B-40F9-B391-10AECE849B5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80B6C7FD-77EA-40F2-A9C9-235B4B0757EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE71798A-C0F4-442F-8B8E-D590FCDAB707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C7EC2A0C-DFD1-4ED7-B59B-9FBB658AC93C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "087D548D-384E-4B7C-8FB2-EC9F9F255EA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D950E25-71ED-492A-A7D9-F332C2989965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CC21E151-25BD-46C3-95C0-D97FB31207A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCE52A0-58FB-41FD-8BC2-410FB0A96A77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1B1D9E67-F528-412F-94D1-BC245E1A9786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DEA09ADC-E1F7-4A89-ABD5-52657430DF01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6E8A3AA1-CC80-40AD-B57D-E86FE515C4CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "141C2C7B-2CD7-4B62-85AC-92209DDB9CEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92DB160E-82FF-4360-970B-9DA8F8C80C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97835C15-FDFA-4483-B8F5-062731E912B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "64D43FB7-6D9C-46AE-9831-6C1A8CF8146E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CE52F36F-FA2F-476C-9F30-5F74DC0F3D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D000B5-04D7-431C-AA2B-BC8D0475A518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C74BAC99-DF37-4AE4-AF48-69C6E855CEC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "50FCBA2E-F6EE-4C52-B2DA-5174EF110DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E40D1816-BD4A-4405-8461-07DA732C5CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD3CE83-3E37-464C-A511-CDF7E735E58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "243CCCC8-9860-4440-9E80-12668270F330",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE008FE-8C8A-4E82-B6EE-93ECBB6A9903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6D6DD1-D98B-46C1-921C-9B045C234377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48FC2D20-D01F-43A7-B49D-6FAFB7889C5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEF9A0E-7D4E-42CA-AD6F-B6F18CA3CFB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "480EE765-C9AF-495E-810E-4153DC250F33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "955439D8-7449-4E82-9EB5-6379002E6D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6B101C-1058-45D7-A0B9-26C616691F04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EC7360-6AD8-4689-A927-57881C4BF974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF3956BE-95DE-4656-B987-796053032621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "391013B0-D304-49AF-9FAB-89E9A4E16686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4BCC0E-1F1B-4956-BE5D-67FF788652EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B9637A62-B1A9-41D1-905C-DA200DB5A4DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7FE5332-0928-4743-832D-D7E9AB86B5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF325569-354C-4C70-A6EC-A8BFF1FF2AB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "31756C9F-307A-4D1C-8534-5F919EA96C75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "104F5B91-6267-4B19-A791-FBC49E88B7AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "809D6AB1-13D5-4589-B564-570114A64AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E986938-BE98-4D7A-9C92-4ED87968E0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34BB423C-D0B6-4C65-A30F-463F492E2526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F380EA4C-18AC-4588-9B51-0D8E81CE84E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16CC8AA7-81CB-489C-92F1-FDF61A14B068",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3C9B47-2FB0-4767-8807-4C90FD6BB5FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A59F34EF-468F-4710-8379-745FFEDC35ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8D82C854-26F6-4689-85B0-81B8C782A52E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD26411-E8AC-4595-8C86-DD4D207A6605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BC0C56D1-177A-4A85-8373-2DA0287A5B4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8D2343B0-9C25-443D-8C93-07101C140B6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "701EEB9F-B88C-4993-9728-25AD3152D53A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3965B8F-63E1-4195-B7DA-2AF96DCE3AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE97BB8E-1B25-4328-8DA2-5BFC6E54EEAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B213209D-AA7C-484B-94C2-686EC7A4B15F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF4F655-3FBC-4865-842F-DEBF579A2A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C1151B-1336-4710-9F5F-792DCBB9AAFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0D528E60-B44B-4E58-AD27-0308D4F32CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D38BD7-0E03-4495-85C3-599EB8190DD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C920D01C-1AC6-4217-A3B3-5118F024CDE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.5.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E2CB0EF0-D2BB-40D4-9818-99EB22B206F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.5.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "BE664A58-12B1-4669-9BA8-D3D1EF588EA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.5.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF60A40-3D34-4BFE-86C0-EEE115CA2565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.5.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A451E107-FAD5-4C5F-B4ED-ACCF6BDBBB78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.5.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "0D2698C9-4053-47FA-A604-708B912A3BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:11.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B5081EC-13D8-427C-8C0E-D061D0C01A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:11.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "747B2BC9-77B9-41FF-966D-0FE311875020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:11.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7825A1DA-682C-443E-B0E0-01B80DD874A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:11.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2C3E6768-CDF9-49F3-913F-9B4E0DDE14AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a \"..:/\" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en Serv-U FTP Server antes de v11.1.0.5 permite a usuarios autenticados remotamente leer y escribir archivos de su elecci\u00f3n y listar y crear directorios de su elecci\u00f3n a trav\u00e9s de \"..:/\" (punto punto dos puntos barra oblicua) en los comandos (1) list, (2) put, o (3) get."
}
],
"id": "CVE-2011-4800",
"lastModified": "2024-11-21T01:33:00.813",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-12-14T00:55:02.217",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0454.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47021"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18182"
},
{
"source": "cve@mitre.org",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0454.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18182"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.serv-u.com/releasenotes/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}