CVE-2009-1031 – RhinoSoft Serv-U FTP Server 7.4.0.1 - 'MKD' Create Arbitrary Directories
https://notcve.org/view.php?id=CVE-2009-1031
Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \.. (backslash dot dot) in an MKD request. Vulnerabilidad de salto de directorio en el servidor FTP en Rhino Software Serv-U File Server v7.4.0.1 permite a atacantes remotos crear directorios de su elección a través de \.. (barra invertida punto punto) en una petición MKD. • https://www.exploit-db.com/exploits/8211 http://osvdb.org/52773 http://secunia.com/advisories/34329 http://www.securityfocus.com/bid/34125 http://www.vupen.com/english/advisories/2009/0738 https://exchange.xforce.ibmcloud.com/vulnerabilities/49258 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2009-0967 – RhinoSoft Serv-U FTP Server 7.4.0.1 - 'SMNT' (Authenticated) Denial of Service
https://notcve.org/view.php?id=CVE-2009-0967
The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument. El servidor FTP en Serv-U versiones 7.0.0.1 hasta 7.4.0.1, permite a los usuarios remotos autenticados causar una denegación de servicio (bloqueo de servicio) por medio de un gran número de comandos SMNT sin un argumento. • https://www.exploit-db.com/exploits/8212 http://www.securityfocus.com/bid/34127 https://exchange.xforce.ibmcloud.com/vulnerabilities/49260 • CWE-399: Resource Management Errors •