CVSS: 10.0EPSS: 93%CPEs: 9EXPL: 7CVE-2004-0330 – RhinoSoft Serv-U FTPd Server 3/4/5 - 'MDTM' Time Argument Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-0330
Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command. • https://www.exploit-db.com/exploits/23760 https://www.exploit-db.com/exploits/23761 https://www.exploit-db.com/exploits/23762 https://www.exploit-db.com/exploits/158 https://www.exploit-db.com/exploits/23763 https://www.exploit-db.com/exploits/16715 http://marc.info/?l=bugtraq&m=107781164214399&w=2 http://www.cnhonker.com/advisory/serv-u.mdtm.txt http://www.securityfocus.com/bid/9751 https://exchange.xforce.ibmcloud.com/vulnerabilities/15323 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 3%CPEs: 1EXPL: 3CVE-2002-1542 – SolarWinds TFTP Server Standard Edition 5.0.55 - Large UDP Packet
https://notcve.org/view.php?id=CVE-2002-1542
SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to cause a denial of service (crash) via a large UDP datagram, possibly triggering a buffer overflow. SolarWinds TFTP server 5.0.55 y anteriores permite a atacantes remotos causar la Denegación de Servicios (DoS)(caida) mediante un datagrama UDP largo, posiblemete provocando un desbordamiento de búfer. • https://www.exploit-db.com/exploits/21963 http://archives.neohapsis.com/archives/bugtraq/2002-10/0344.html http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0040.html http://www.iss.net/security_center/static/10462.php http://www.securityfocus.com/bid/6043 •
CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0CVE-2002-2393
https://notcve.org/view.php?id=CVE-2002-2393
Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote attackers to cause a denial of service (no new connections) via a series of MKD commands. • http://archives.neohapsis.com/archives/bugtraq/2002-11/0109.html http://www.iss.net/security_center/static/10573.php http://www.securityfocus.com/bid/6112 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 2CVE-2002-1209 – SolarWinds TFTP Server Standard Edition 5.0.55 - Directory Traversal
https://notcve.org/view.php?id=CVE-2002-1209
Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, and possibly earlier, allows remote attackers to read arbitrary files via "..\" (dot-dot backslash) sequences in a GET request. Vulnerabilidad de atravesamiento de directorios en SolarWinds TFTP Server 5.0.55 y posiblemente anteriores, permite a atacantes remotos leer ficheros arbitrarios mediante secuencias "..\\" (punto punto barra invertida) en una petición GET. • https://www.exploit-db.com/exploits/21964 http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0044.html http://www.idefense.com/advisory/10.24.02.txt http://www.securityfocus.com/bid/6045 https://exchange.xforce.ibmcloud.com/vulnerabilities/10469 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2001-1463
https://notcve.org/view.php?id=CVE-2001-1463
The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords. • http://securitytracker.com/id?1002882 http://www.kb.cert.org/vuls/id/279763 https://exchange.xforce.ibmcloud.com/vulnerabilities/7925 • CWE-310: Cryptographic Issues •