CVSS: 9.0EPSS: 1%CPEs: 12EXPL: 1CVE-2008-4501 – Serv-U FTP Server 7.3 - (Authenticated) Remote FTP File Replacement
https://notcve.org/view.php?id=CVE-2008-4501
Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\ (dot dot backslash) in the RNTO command. Vulnerabilidad de salto de directorio en el servidor FTP de Serv-U v7.3, y v7.2.0.1 y anteriores, permite a usuarios autenticados en remoto sobrescribir o crear ficheros de su elección mediante un ..\ (punto punto barra invertida) en el comando RNTO. • https://www.exploit-db.com/exploits/6661 http://secunia.com/advisories/32150 http://securityreason.com/securityalert/4378 http://www.vupen.com/english/advisories/2008/2746 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.0EPSS: 0%CPEs: 8EXPL: 0CVE-2008-3731
https://notcve.org/view.php?id=CVE-2008-3731
Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging. Una vulnerabilidad no especificada en Serv-U File Server versiones 7.0.0.0.1, y otras versiones anteriores a 7.2.0.1, permite a usuarios autenticados remotos causar una denegación de servicio (bloqueo del demonio) por medio de una sesión SSH con comandos SFTP para la creación y registro de directorios. • http://secunia.com/advisories/31461 http://www.securityfocus.com/bid/30739 http://www.serv-u.com/releasenotes https://exchange.xforce.ibmcloud.com/vulnerabilities/44537 •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2006-1951
https://notcve.org/view.php?id=CVE-2006-1951
Directory traversal vulnerability in SolarWinds TFTP Server 8.1 and earlier allows remote attackers to download arbitrary files via a crafted GET request including "....//" sequences, which are collapsed into "../" sequences by filtering. • http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0009.html http://secunia.com/advisories/19848 http://securityreason.com/securityalert/778 http://www.rapid7.com/advisories/R7-0019.html http://www.securityfocus.com/archive/1/431729/100/0/threaded http://www.securityfocus.com/bid/17648 http://www.vupen.com/english/advisories/2006/1561 https://exchange.xforce.ibmcloud.com/vulnerabilities/25969 •
CVSS: 5.0EPSS: 0%CPEs: 20EXPL: 0CVE-2005-3467
https://notcve.org/view.php?id=CVE-2005-3467
Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of service (crash) via (1) malformed packets and possibly other unspecified issues with unknown impact and attack vectors including (2) use of "~" in a pathname, and (3) memory consumption of the daemon. NOTE: it is not clear whether items (2) and above are vulnerabilities. • http://secunia.com/advisories/17409 http://securitytracker.com/id?1015151 http://www.securityfocus.com/bid/15273 http://www.serv-u.com/releasenotes.asp http://www.vupen.com/english/advisories/2005/2267 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 1CVE-2004-2533
https://notcve.org/view.php?id=CVE-2004-2533
Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause a denial of service (application crash) via a SITE CHMOD command with a "\\...\" followed by a short string, causing partial memory corruption, a different vulnerability than CVE-2004-2111. • http://secunia.com/advisories/10706 http://securitytracker.com/id?1009086 http://www.osvdb.org/3713 http://www.securityfocus.com/bid/9675 https://exchange.xforce.ibmcloud.com/vulnerabilities/15251 • CWE-20: Improper Input Validation •