CVE-2020-35481
https://notcve.org/view.php?id=CVE-2020-35481
03 Feb 2021 — SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection. • https://documentation.solarwinds.com/en/success_center/servu/Content/Release_Notes/Servu_15-2-2_release_notes.htm •
CVE-2020-15573
https://notcve.org/view.php?id=CVE-2020-15573
07 Jul 2020 — SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulnerability," aka Case Numbers 00041778 and 00306421. • https://documentation.solarwinds.com/en/success_center/servu/Content/Release_Notes/Servu_15-2-1_release_notes.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-15574
https://notcve.org/view.php?id=CVE-2020-15574
07 Jul 2020 — SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case Number 00331893. • https://documentation.solarwinds.com/en/success_center/servu/Content/Release_Notes/Servu_15-2-1_release_notes.htm •
CVE-2020-15575
https://notcve.org/view.php?id=CVE-2020-15575
07 Jul 2020 — SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated by Tenable Scan, aka Case Number 00484194. • https://documentation.solarwinds.com/en/success_center/servu/Content/Release_Notes/Servu_15-2-1_release_notes.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-15576
https://notcve.org/view.php?id=CVE-2020-15576
07 Jul 2020 — SolarWinds Serv-U File Server before 15.2.1 allows information disclosure via an HTTP response. • https://documentation.solarwinds.com/en/success_center/servu/Content/Release_Notes/Servu_15-2-1_release_notes.htm •
CVE-2018-10240
https://notcve.org/view.php?id=CVE-2018-10240
16 May 2018 — SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. This session token's value can be brute-forced by an attacker to obtain the corresponding session cookie and hijack the user's session. • https://www.bishopfox.com/news/2018/05/solarwinds-serv-u-managed-file-transfer-insufficient-session-id-entropy • CWE-331: Insufficient Entropy •
CVE-2018-10241
https://notcve.org/view.php?id=CVE-2018-10241
16 May 2018 — A denial of service vulnerability in SolarWinds Serv-U before 15.1.6 HFv1 allows an authenticated user to crash the application (with a NULL pointer dereference) via a specially crafted URL beginning with the /Web%20Client/ substring. • https://www.bishopfox.com/news/2018/05/solarwinds-serv-u-managed-file-transfer-denial-of-service • CWE-476: NULL Pointer Dereference •
CVE-2009-4873 – Serv-U Web Client 9.0.0.5 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-4873
26 May 2010 — Stack-based buffer overflow in the HTTP server in Rhino Software Serv-U Web Client 9.0.0.5 allows remote attackers to cause a denial of service (server crash) or execute arbitrary code via a long Session cookie. • https://www.exploit-db.com/exploits/9966 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2000-1033 – Cat Soft Serv-U FTP Server 2.5.x - Brute Force
https://notcve.org/view.php?id=CVE-2000-1033
29 Nov 2000 — Serv-U FTP Server allows remote attackers to bypass its anti-hammering feature by first logging on as a valid user (possibly anonymous) and then attempting to guess the passwords of other users. • https://www.exploit-db.com/exploits/20334 •
CVE-2000-0176
https://notcve.org/view.php?id=CVE-2000-0176
29 Feb 2000 — The default configuration of Serv-U 2.5d and earlier allows remote attackers to determine the real pathname of the server by requesting a URL for a directory or file that does not exist. • http://archives.neohapsis.com/archives/bugtraq/2000-02/0417.html •