CVE-2004-2532 – RhinoSoft Serv-U FTP Server 3.x < 5.x - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2004-2532
Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command. • https://www.exploit-db.com/exploits/381 http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0216.html http://www.osvdb.org/8877 http://www.securityfocus.com/bid/10886 https://exchange.xforce.ibmcloud.com/vulnerabilities/16925 • CWE-255: Credentials Management Errors •
CVE-2004-1992 – RhinoSoft Serv-U FTP Server 3.x/4.x/5.0 - 'LIST' Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-1992
Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote attackers to cause a denial of service (crash) via a long -l parameter, which triggers an out-of-bounds read. • https://www.exploit-db.com/exploits/24029 http://marc.info/?l=bugtraq&m=108360377119290&w=2 http://marc.info/?l=ntbugtraq&m=108359620108234&w=2 http://secunia.com/advisories/11430 http://securitytracker.com/id?1009869 http://www.osvdb.org/5546 http://www.securiteam.com/windowsntfocus/5ZP0G2KCKA.html http://www.securityfocus.com/bid/10181 https://exchange.xforce.ibmcloud.com/vulnerabilities/15913 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2004-0330 – RhinoSoft Serv-U FTPd Server 3/4/5 - 'MDTM' Time Argument Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-0330
Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command. • https://www.exploit-db.com/exploits/23760 https://www.exploit-db.com/exploits/23761 https://www.exploit-db.com/exploits/23762 https://www.exploit-db.com/exploits/158 https://www.exploit-db.com/exploits/23763 https://www.exploit-db.com/exploits/16715 http://marc.info/?l=bugtraq&m=107781164214399&w=2 http://www.cnhonker.com/advisory/serv-u.mdtm.txt http://www.securityfocus.com/bid/9751 https://exchange.xforce.ibmcloud.com/vulnerabilities/15323 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2001-1463
https://notcve.org/view.php?id=CVE-2001-1463
The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords. • http://securitytracker.com/id?1002882 http://www.kb.cert.org/vuls/id/279763 https://exchange.xforce.ibmcloud.com/vulnerabilities/7925 • CWE-310: Cryptographic Issues •
CVE-2001-0054 – Cat Soft Serv-U FTP Server 2.4/2.5 - FTP Directory Traversal
https://notcve.org/view.php?id=CVE-2001-0054
Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD command, a variant of a .. (dot dot) attack. • https://www.exploit-db.com/exploits/20461 http://archives.neohapsis.com/archives/bugtraq/2000-12/0043.html http://marc.info/?l=bugtraq&m=97604119024280&w=2 http://www.osvdb.org/464 http://www.securityfocus.com/bid/2052 https://exchange.xforce.ibmcloud.com/vulnerabilities/5639 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •