CVE-2005-3467
https://notcve.org/view.php?id=CVE-2005-3467
Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of service (crash) via (1) malformed packets and possibly other unspecified issues with unknown impact and attack vectors including (2) use of "~" in a pathname, and (3) memory consumption of the daemon. NOTE: it is not clear whether items (2) and above are vulnerabilities. • http://secunia.com/advisories/17409 http://securitytracker.com/id?1015151 http://www.securityfocus.com/bid/15273 http://www.serv-u.com/releasenotes.asp http://www.vupen.com/english/advisories/2005/2267 • CWE-20: Improper Input Validation •
CVE-2004-2111 – RhinoSoft Serv-U FTPd Server 3.x/4.x - 'SITE CHMOD' Remote Overflow
https://notcve.org/view.php?id=CVE-2004-2111
Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename. • https://www.exploit-db.com/exploits/149 https://www.exploit-db.com/exploits/23591 https://www.exploit-db.com/exploits/23592 https://www.exploit-db.com/exploits/822 https://www.exploit-db.com/exploits/18190 http://archives.neohapsis.com/archives/bugtraq/2004-01/0249.html http://marc.info/?l=bugtraq&m=107513654005840&w=2 http://securitytracker.com/id?1008841 http://www.securityfocus.com/bid/9483 http://www.securityfocus.com/bid/9675 https://exchange.xforce.ibmcloud • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2004-2532 – RhinoSoft Serv-U FTP Server 3.x < 5.x - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2004-2532
Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command. • https://www.exploit-db.com/exploits/381 http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0216.html http://www.osvdb.org/8877 http://www.securityfocus.com/bid/10886 https://exchange.xforce.ibmcloud.com/vulnerabilities/16925 • CWE-255: Credentials Management Errors •
CVE-2004-2533
https://notcve.org/view.php?id=CVE-2004-2533
Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause a denial of service (application crash) via a SITE CHMOD command with a "\\...\" followed by a short string, causing partial memory corruption, a different vulnerability than CVE-2004-2111. • http://secunia.com/advisories/10706 http://securitytracker.com/id?1009086 http://www.osvdb.org/3713 http://www.securityfocus.com/bid/9675 https://exchange.xforce.ibmcloud.com/vulnerabilities/15251 • CWE-20: Improper Input Validation •
CVE-2004-1675 – RhinoSoft Serv-U FTP Server < 5.2 - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2004-1675
Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX. • https://www.exploit-db.com/exploits/463 http://marc.info/?l=bugtraq&m=109495074211638&w=2 http://secunia.com/advisories/12507 http://www.securityfocus.com/bid/11155 https://exchange.xforce.ibmcloud.com/vulnerabilities/17329 • CWE-20: Improper Input Validation •