CVSS: 7.5EPSS: 2%CPEs: 20EXPL: 0CVE-2005-3467
https://notcve.org/view.php?id=CVE-2005-3467
02 Nov 2005 — Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of service (crash) via (1) malformed packets and possibly other unspecified issues with unknown impact and attack vectors including (2) use of "~" in a pathname, and (3) memory consumption of the daemon. NOTE: it is not clear whether items (2) and above are vulnerabilities. • http://secunia.com/advisories/17409 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 1CVE-2004-2533
https://notcve.org/view.php?id=CVE-2004-2533
31 Dec 2004 — Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause a denial of service (application crash) via a SITE CHMOD command with a "\\...\" followed by a short string, causing partial memory corruption, a different vulnerability than CVE-2004-2111. • http://secunia.com/advisories/10706 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 7%CPEs: 12EXPL: 3CVE-2004-2532 – RhinoSoft Serv-U FTP Server 3.x < 5.x - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2004-2532
31 Dec 2004 — Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command. • https://www.exploit-db.com/exploits/381 • CWE-255: Credentials Management Errors •
CVSS: 9.8EPSS: 88%CPEs: 8EXPL: 7CVE-2004-2111 – RhinoSoft Serv-U FTPd Server 3.x/4.x - 'SITE CHMOD' Remote Overflow
https://notcve.org/view.php?id=CVE-2004-2111
31 Dec 2004 — Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename. • https://www.exploit-db.com/exploits/149 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 10%CPEs: 10EXPL: 2CVE-2004-1675 – RhinoSoft Serv-U FTP Server < 5.2 - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2004-1675
11 Sep 2004 — Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX. • https://www.exploit-db.com/exploits/463 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 33%CPEs: 10EXPL: 4CVE-2004-1992 – RhinoSoft Serv-U FTP Server 3.x/4.x/5.0 - 'LIST' Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-1992
20 Apr 2004 — Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote attackers to cause a denial of service (crash) via a long -l parameter, which triggers an out-of-bounds read. • https://www.exploit-db.com/exploits/24029 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 86%CPEs: 9EXPL: 7CVE-2004-0330 – RhinoSoft Serv-U FTPd Server 3/4/5 - 'MDTM' Time Argument Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-0330
18 Mar 2004 — Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command. • https://www.exploit-db.com/exploits/23760 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2002-2393
https://notcve.org/view.php?id=CVE-2002-2393
31 Dec 2002 — Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote attackers to cause a denial of service (no new connections) via a series of MKD commands. • http://archives.neohapsis.com/archives/bugtraq/2002-11/0109.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 2CVE-2001-1463
https://notcve.org/view.php?id=CVE-2001-1463
19 Nov 2001 — The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords. • http://securitytracker.com/id?1002882 • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 2CVE-2001-0054 – Cat Soft Serv-U FTP Server 2.4/2.5 - FTP Directory Traversal
https://notcve.org/view.php?id=CVE-2001-0054
16 Feb 2001 — Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD command, a variant of a .. (dot dot) attack. • https://www.exploit-db.com/exploits/20461 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •