serv-u_file_server

Vendor: solarwinds

Actively Exploited: 0 (CISA KEV List)
PoC / Exploits: 12 (Code Available)
Total RCEs: 2 (Remote Access)
Total CVEs: 245 (Total Indexed)
Avg. EPSS: 16.66% (Exploit Prob.)
Latest CVE: CVE-2021-25179 (May 05)

Security Vulnerability Index

6.1 CVSS

SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header.

EPSS: 1.84%

9.0 CVSS
CVE-2011-4800
Exploit Found

Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands.

EPSS: 1.25%

4.0 CVSS

Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors.

EPSS: 0.32%

10.0 CVSS
CVE-2009-4006
RCE Exploit Found

Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.

EPSS: 77.87%

5.0 CVSS

Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the "SITE SET TRANSFERPROGRESS ON" FTP command.

EPSS: 4.12%

7.8 CVSS
CVE-2009-1031
Exploit Found

Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \.. (backslash dot dot) in an MKD request.

EPSS: 16.09%

4.0 CVSS
CVE-2009-0967
Exploit Found

The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument.

EPSS: 5.26%

9.0 CVSS
CVE-2008-4501
Exploit Found

Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\ (dot dot backslash) in the RNTO command.

EPSS: 4.60%

4.0 CVSS
CVE-2008-4500
Exploit Found

Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using "con:1".

EPSS: 10.06%

4.0 CVSS

Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging.

EPSS: 4.02%