Page 3 of 13 results (0.008 seconds)

CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0

Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote attackers to cause a denial of service (no new connections) via a series of MKD commands. • http://archives.neohapsis.com/archives/bugtraq/2002-11/0109.html http://www.iss.net/security_center/static/10573.php http://www.securityfocus.com/bid/6112 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2

The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords. • http://securitytracker.com/id?1002882 http://www.kb.cert.org/vuls/id/279763 https://exchange.xforce.ibmcloud.com/vulnerabilities/7925 • CWE-310: Cryptographic Issues •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2

Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD command, a variant of a .. (dot dot) attack. • https://www.exploit-db.com/exploits/20461 http://archives.neohapsis.com/archives/bugtraq/2000-12/0043.html http://marc.info/?l=bugtraq&m=97604119024280&w=2 http://www.osvdb.org/464 http://www.securityfocus.com/bid/2052 https://exchange.xforce.ibmcloud.com/vulnerabilities/5639 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •