Page 2 of 10 results (0.011 seconds)

CVSS: 7.8EPSS: 76%CPEs: 14EXPL: 1

Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \.. (backslash dot dot) in an MKD request. Vulnerabilidad de salto de directorio en el servidor FTP en Rhino Software Serv-U File Server v7.4.0.1 permite a atacantes remotos crear directorios de su elección a través de \.. (barra invertida punto punto) en una petición MKD. • https://www.exploit-db.com/exploits/8211 http://osvdb.org/52773 http://secunia.com/advisories/34329 http://www.securityfocus.com/bid/34125 http://www.vupen.com/english/advisories/2009/0738 https://exchange.xforce.ibmcloud.com/vulnerabilities/49258 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.0EPSS: 3%CPEs: 14EXPL: 1

The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument. El servidor FTP en Serv-U versiones 7.0.0.1 hasta 7.4.0.1, permite a los usuarios remotos autenticados causar una denegación de servicio (bloqueo de servicio) por medio de un gran número de comandos SMNT sin un argumento. • https://www.exploit-db.com/exploits/8212 http://www.securityfocus.com/bid/34127 https://exchange.xforce.ibmcloud.com/vulnerabilities/49260 • CWE-399: Resource Management Errors •

CVSS: 4.0EPSS: 1%CPEs: 12EXPL: 2

Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using "con:1". Serv-U v7.3, y v7.2.0.1 y anteriores, permite a usuarios autenticados en remoto provocar una denegación de servicio (consumo de la CPU) a través de un comando stou manipulado; probablemente está relacionado con los nombres de dispositivo de MS-DOS, como se ha demostrado usando "con:1" • https://www.exploit-db.com/exploits/6660 http://secunia.com/advisories/32150 http://securityreason.com/securityalert/4377 http://www.securityfocus.com/bid/31556 http://www.vupen.com/english/advisories/2008/2746 https://exchange.xforce.ibmcloud.com/vulnerabilities/45652 • CWE-20: Improper Input Validation •

CVSS: 9.0EPSS: 1%CPEs: 12EXPL: 1

Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\ (dot dot backslash) in the RNTO command. Vulnerabilidad de salto de directorio en el servidor FTP de Serv-U v7.3, y v7.2.0.1 y anteriores, permite a usuarios autenticados en remoto sobrescribir o crear ficheros de su elección mediante un ..\ (punto punto barra invertida) en el comando RNTO. • https://www.exploit-db.com/exploits/6661 http://secunia.com/advisories/32150 http://securityreason.com/securityalert/4378 http://www.vupen.com/english/advisories/2008/2746 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.0EPSS: 0%CPEs: 8EXPL: 0

Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging. Una vulnerabilidad no especificada en Serv-U File Server versiones 7.0.0.0.1, y otras versiones anteriores a 7.2.0.1, permite a usuarios autenticados remotos causar una denegación de servicio (bloqueo del demonio) por medio de una sesión SSH con comandos SFTP para la creación y registro de directorios. • http://secunia.com/advisories/31461 http://www.securityfocus.com/bid/30739 http://www.serv-u.com/releasenotes https://exchange.xforce.ibmcloud.com/vulnerabilities/44537 •