Page 4 of 60 results (0.075 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2

Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS." Share/IncomingWizard.htm en SolarWinds Serv-U antes de la versión 15.2.3 maneja mal el parámetro SenderEmail suministrado por el usuario, también conocido como "Share URL XSS" • https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2-3_release_notes.htm https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/solarwinds-serv-u-1523-share-url-xss-cve-2021-32604 https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29000 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0

SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name (entered by an admin) containing a JavaScript payload. SolarWinds Serv-U versiones anteriores a 15.1.6 Hotfix 3, está afectado por Cross Site Scripting (XSS) por medio de un nombre de directorio (ingresado por un administrador) que contiene una carga útil de JavaScript • https://github.com/matrix https://support.solarwinds.com/SuccessCenter/s/article/Serv-U-15-1-6-Hotfix-3?language=en_US https://twitter.com/gm4tr1x https://www.linkedin.com/in/gabrielegristina • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header. SolarWinds Serv-U versiones anteriores a 15.2, está afectado por una vulnerabilidad de tipo Cross Site Scripting (XSS) por medio del encabezado HTTP Host • https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2_release_notes.htm https://github.com/matrix https://twitter.com/gm4tr1x https://www.linkedin.com/in/gabrielegristina • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in SolarWinds Serv-U before 15.2.2. Unauthenticated attackers can retrieve cleartext passwords via macro Injection. NOTE: this had a distinct fix relative to CVE-2020-35481. Se detectó un problema en SolarWinds Serv-U versiones anteriores a 15.2.2. Los atacantes no autenticados pueden recuperar contraseñas de texto sin cifrar por medio de la inyección de macros. • https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2-2_release_notes.htm • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 1

In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable. An unprivileged Windows user (having access to the server's filesystem) can add an FTP user by copying a valid profile file to this directory. For example, if this profile sets up a user with a C:\ home directory, then the attacker obtains access to read or replace arbitrary files with LocalSystem privileges. En SolarWinds Serv-U versiones anteriores a 15.2.2 Hotfix 1, se presenta un directorio que contiene archivos de perfil de usuario (que incluyen hash de contraseña de usuario) que se puede leer y escribir por todo el mundo. Un usuario no privilegiado de Windows (que tenga acceso al sistema de archivos del servidor) puede agregar un usuario FTP al copiar un archivo de perfil válido en este directorio. • https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/full-system-control-with-new-solarwinds-orion-based-and-serv-u-ftp-vulnerabilities • CWE-732: Incorrect Permission Assignment for Critical Resource •