CVE-2020-28001 – SolarWinds Serv-U FTP Server 15.2.1 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-28001
SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS. SolarWinds Serv-U FTP Server versions through 15.2.1 do not correctly sanitize and validate user-supplied directory names, allowing malicious users to create directories that, when clicked on (in the breadcrumb menu), trigger cross-site scripting payloads.
• http://packetstormsecurity.com/files/161400/SolarWinds-Serv-U-FTP-Server-15.2.1-Cross-Site-Scripting.html
• http://seclists.org/fulldisclosure/2021/Feb/37
• https://documentation.solarwinds.com/en/success_center/servu/Content/Release_Notes/Servu_15-2-2_release_notes.htm
• https://www.themissinglink.com.au/security-advisories-cve-2020-28001
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-27994 – SolarWinds Serv-U FTP Server 15.2.1 Path Traversal
https://notcve.org/view.php?id=CVE-2020-27994
SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Traversal. SolarWinds Serv-U File Server versions through 15.2.1 do not correctly validate path information, allowing the disclosure of files and directories outside of the user's home directory via a specially crafted GET request.
• http://packetstormsecurity.com/files/161399/SolarWinds-Serv-U-FTP-Server-15.2.1-Path-Traversal.html
• http://seclists.org/fulldisclosure/2021/Feb/36
• https://documentation.solarwinds.com/en/success_center/servu/Content/Release_Notes/Servu_15-2-2_release_notes.htm
• https://www.themissinglink.com.au/security-advisories-cve-2020-27994
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-35482
https://notcve.org/view.php?id=CVE-2020-35482
SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS.
• https://documentation.solarwinds.com/en/success_center/servu/Content/Release_Notes/Servu_15-2-2_release_notes.htm
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-35481
https://notcve.org/view.php?id=CVE-2020-35481
SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection.
• https://documentation.solarwinds.com/en/success_center/servu/Content/Release_Notes/Servu_15-2-2_release_notes.htm
CVE-2020-15573
https://notcve.org/view.php?id=CVE-2020-15573
SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulnerability," aka Case Numbers 00041778 and 00306421.
• https://documentation.solarwinds.com/en/success_center/servu/Content/Release_Notes/Servu_15-2-1_release_notes.htm
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')